diff --git a/dereferenced/idn-v3-spec.yaml b/dereferenced/idn-v3-spec.yaml
new file mode 100644
index 0000000..5adf7a3
--- /dev/null
+++ b/dereferenced/idn-v3-spec.yaml
@@ -0,0 +1,93472 @@
+openapi: 3.0.1
+info:
+ title: IdentityNow V3 API
+ description: 'Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.'
+ termsOfService: 'https://developer.sailpoint.com/discuss/tos'
+ contact:
+ name: Developer Relations
+ url: 'https://developer.sailpoint.com/discuss/api-help'
+ license:
+ name: MIT
+ url: 'https://opensource.org/licenses/MIT'
+ version: 3.0.0
+servers:
+ - url: 'https://{tenant}.api.identitynow.com/v3'
+ description: This is the production API server.
+ variables:
+ tenant:
+ default: sailpoint
+ description: 'This is the name of your tenant, typically your company''s name.'
+tags:
+ - name: Access Request Approvals
+ description: |
+ Use this API to implement and customize access request approval functionality.
+ With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles.
+ This enables more qualified users to review access requests and the others to spend their time on other tasks.
+
+ In IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked.
+ For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked.
+ For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked.
+ If the administrator designates a governance group as the required approver, any governance group member can approve the requests.
+
+ When a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.
+
+ In Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval.
+ If the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request.
+ If multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration.
+ The required approver can then view any completed access requests under the Reviewed tab.
+
+ Refer to the following link for more information about access request approvals:
+ externalDocs:
+ description: Learn more about access request approvals
+ url: 'https://documentation.sailpoint.com/saas/help/requests/index.html'
+ - name: Access Requests
+ description: |
+ Use this API to implement and customize access request functionality.
+ With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.
+ This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools.
+
+ IdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.
+
+ In the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them.
+ If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them.
+
+ Users can use My Requests to track and/or cancel the requests.
+
+ In My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access.
+ They can use the My Requests tab under Request Center to track and/or cancel the requests.
+
+ Refer to the following link for more information about access requests:
+ externalDocs:
+ description: Learn more about access requests
+ url: 'https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html'
+ - name: Accounts
+ description: |
+ Use this API to implement and customize account functionality.
+ With this functionality in place, administrators can manage users' access across sources in IdentityNow.
+
+ In IdentityNow, an account refers to a user's account on a supported source.
+ This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow.
+
+ Administrators can correlate users' identities with the users' accounts on the different sources they use.
+ This allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively.
+
+ To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
+
+ To view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab.
+ Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
+
+ Accounts can have the following statuses:
+
+ - Enabled: The account is enabled. The user can access it.
+
+ - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes.
+
+ - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
+
+ - Pending: The account is currently updating. This status typically lasts seconds.
+
+ Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
+
+ Refer to the following link for more information about accounts:
+ externalDocs:
+ description: Learn more about accounts
+ url: 'https://documentation.sailpoint.com/saas/help/common/users/user_access.html'
+ - name: Account Activities
+ description: |
+ Use this API to implement account activity tracking functionality.
+ With this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system.
+
+ An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life.
+ In IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient.
+
+ Account activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types:
+
+ - Access Request: These include any access requests the source account is involved in.
+
+ - Account Attribute Updates: These include updates to a single attribute on an account on a source.
+
+ - Account State Update: These include locking or unlocking actions on an account on a source.
+
+ - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.
+
+ - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state.
+ IdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to.
+
+ - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action.
+ When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.
+ Account Activity does not include attribute updates that occur as a result of aggregation.
+
+ - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates.
+ These also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source.
+
+ - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change.
+
+ - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.
+
+ - Password Change: These include password changes on sources.
+
+ Refer to the following link for more information about account activities:
+ externalDocs:
+ description: Learn more about account activities
+ url: 'https://documentation.sailpoint.com/saas/help/search/index.html'
+ - name: Certifications
+ - name: Certification Summaries
+ - name: Lifecycle States
+ description: |
+ Use this API to implement and customize lifecycle state functionality.
+ With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.
+
+ A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.'
+ When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes.
+ The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored.
+ This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc.
+
+ Administrators can create a variety of custom lifecycle states. See [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas.
+
+ Administrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state.
+
+ In IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state.
+
+ In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state:
+
+ - Enable/disable the lifecycle state for the identity profile.
+
+ - Enable/disable source accounts for the identity profile's lifecycle state.
+
+ - Add existing access profiles to grant to the identity profiles in that lifecycle state.
+
+ - Create a new access profile to grant to the identity profile in that lifecycle state.
+
+ Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state.
+ To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state.
+ For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.
+
+ During scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles.
+ If the identities are missing access, IdentityNow provisions that access.
+
+ Administrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change.
+ See [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.
+
+ An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.'
+ See [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses.
+
+ Refer to the following link for more information about lifecycle states:
+ externalDocs:
+ description: Learn more about lifecycle states
+ url: 'https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html'
+ - name: Identity Profiles
+ description: |
+ Use this API to implement identity profile functionality.
+ With this functionality in place, administrators can view identity profiles and their configurations.
+
+ Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes.
+
+ In IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles.
+ This list shows some details about each identity profile, along with its status.
+ They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings.
+
+ Refer to the following link for more information about identity profiles:
+ externalDocs:
+ description: Learn more about identity profiles
+ url: 'https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html'
+ - name: Non-Employee Lifecycle Management
+ description: |
+ Use this API to implement non-employee lifecycle management functionality.
+ With this functionality in place, administrators can create non-employee records and configure them for use in their organizations.
+ This allows organizations to provide secure access to non-employees and control that access.
+
+ The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee.
+ Organizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources.
+ Organizations can have a maximum of 50 non-employee sources.
+
+ By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:
+
+ - SailPoint is not responsible for storing sensitive data.
+ You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow.
+
+ - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.
+
+ To manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source.
+
+ To create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources.
+ They must then specify 'Non-Employee' in the 'Source Type' field.
+ See [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.
+
+ To add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts.
+ They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to.
+
+ Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts.
+ To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file.
+ See [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.
+
+ Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities.
+
+ Refer to the following link for more information about non-employee lifecycle management:
+ externalDocs:
+ description: Learn more about non-employee lifecycle management
+ url: 'https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html'
+ - name: OAuth Clients
+ - name: Password Management
+ description: |
+ Use this API to implement password management functionality.
+ With this functionality in place, users can manage their identity passwords for all their applications.
+
+ In IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager.
+ Password Manager lists the user's identity's applications, possibly grouped to share passwords.
+ Users can then select 'Change Password' to update their passwords.
+
+ Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually.
+ Password Manager may list the applications and sources in the following groups:
+
+ - Password Group: This refers to a group of applications that share a password.
+ For example, a user can use the same password for Google Drive, Google Mail, and YouTube.
+ Updating the password for the password group updates the password for all its included applications.
+
+ - Multi-Application Source: This refers to a source with multiple applications that share a password.
+ For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications.
+ Updating the password for the multi-application source updates the password for all its included applications.
+
+ - Applications: These are applications that do not share passwords with other applications.
+
+ An organization may require some authentication for users to update their passwords.
+ Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates.
+
+ Refer to the following link for more information about password management:
+ externalDocs:
+ description: Learn more about password management
+ url: 'https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html'
+ - name: Personal Access Tokens
+ description: |
+ Use this API to implement personal access token (PAT) functionality.
+ With this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow.
+
+ PATs embed user information into the client ID and secret.
+ This replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security.
+
+ In IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens.
+ They must then provide a description about the token's purpose.
+ They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID.
+
+ Refer to the following link for more information about PATs:
+ externalDocs:
+ description: Learn more about PATs
+ url: 'https://documentation.sailpoint.com/saas/help/common/generate_tokens.html'
+ - name: Public Identities
+ description: |
+ Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/apis/v3/#tag/Public-Identities-Config) to enable non-administrators to view identities' publicly visible attributes.
+ With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public.
+ This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
+ - name: Public Identities Config
+ description: |
+ Use this API to implement public identity configuration functionality.
+ With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions.
+ This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.
+
+ By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager.
+ However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.
+ Administrators can use this API to make those necessary identity attributes public to non-administrators.
+
+ For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department.
+ If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/apis/v3/#operation/updatePublicIdentityConfig) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information.
+ - name: Requestable Objects
+ description: |
+ Use this API to implement requestable object functionality.
+ With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/apis/v3/#tag/Access-Requests), along with their statuses.
+ This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.
+ - name: Saved Search
+ - name: Scheduled Search
+ - name: Search
+ - name: Service Desk Integration
+ description: Operations for creating and accessing service desk integrations
+ - name: Sources
+ - name: Transforms
+ description: |
+ The purpose of this API is to expose functionality for the manipulation of Transform objects.
+ Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having
+ to write code. These endpoints don't require API calls to other resources, audit service is used for keeping track
+ of which users have made changes to the Transforms.
+ externalDocs:
+ description: Learn more about Building Transforms
+ url: 'https://developer.sailpoint.com/docs/transforms/building_transforms/building_transforms.html'
+ - name: Work Items
+ description: |
+ Use this API to implement work item functionality.
+ With this functionality in place, users can manage their work items (tasks).
+
+ Work items refer to the tasks users see in IdentityNow's Task Manager.
+ They can see the pending work items they need to complete, as well as the work items they have already completed.
+ Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created.
+ For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp.
+ Once the user completes the work item, the work item will be listed with his or her other completed work items.
+
+ To complete work items, users can use their dashboards and select the 'My Tasks' widget.
+ The widget will list any work items they need to complete, and they can select the work item from the list to review its details.
+ When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items.
+
+ Refer to the following link for more information about work items, like the different types of work items users may need to complete:
+ externalDocs:
+ description: Learn more about work items
+ url: 'https://documentation.sailpoint.com/saas/user-help/task_manager.html'
+paths:
+ /access-requests:
+ post:
+ operationId: createAccessRequest
+ summary: Submit an Access Request
+ tags:
+ - Access Requests
+ description: |
+ This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes.
+
+ Access requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request
+ has been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error
+ if you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected.
+ It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can
+ be accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also
+ use the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting
+ an access request to ensure you are not requesting access that is already granted.
+
+ There are two types of access request:
+
+ __GRANT_ACCESS__
+ * Can be requested for multiple identities in a single request.
+ * Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options.
+ * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
+ * Roles, Access Profiles and Entitlements can be requested.
+ * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
+
+ __REVOKE_ACCESS__
+ * Can only be requested for a single identity at a time.
+ * Does not support self request. Only manager can request to revoke access for their directly managed employees.
+ * If removeDate is specified, then the access will be removed on that date and time.
+ * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.
+ * Roles and Access Profiles can be requested for revocation. Revoke request for entitlements are not supported currently.
+
+ NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.
+
+ A token with API authority cannot be used to call this endpoint.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ requestedFor:
+ description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
+ type: array
+ items:
+ type: string
+ example: 2c918084660f45d6016617daa9210584
+ requestType:
+ type: string
+ enum:
+ - GRANT_ACCESS
+ - REVOKE_ACCESS
+ description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements.
+ example: GRANT_ACCESS
+ requestedItems:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: The type of the item being requested.
+ example: ACCESS_PROFILE
+ id:
+ type: string
+ description: 'ID of Role, Access Profile or Entitlement being requested.'
+ example: 2c9180835d2e5168015d32f890ca1581
+ comment:
+ type: string
+ description: |
+ Comment provided by requester.
+ * Comment is required when the request is of type Revoke Access.
+ example: Requesting access profile for John Doe
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+ removeDate:
+ type: string
+ description: |
+ The date the role or access profile is no longer assigned to the specified identity.
+ * Specify a date in the future.
+ * The current SLA for the deprovisioning is 24 hours.
+ * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.
+ * Currently it is not supported for entitlements.
+ format: date-time
+ example: '2020-07-11T21:23:15.000Z'
+ required:
+ - id
+ - type
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+ required:
+ - requestedFor
+ - requestedItems
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-requests/cancel:
+ post:
+ operationId: cancelAccessRequest
+ tags:
+ - Access Requests
+ summary: Cancel Access Request
+ description: |-
+ This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.
+ Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Request body payload for cancel access request endpoint.
+ required:
+ - accountActivityId
+ - comment
+ properties:
+ accountActivityId:
+ type: string
+ description: ID of the account activity object corresponding to the access request.
+ example: 2c9180835d2e5168015d32f890ca1581
+ comment:
+ type: string
+ description: Reason for cancelling the pending access request.
+ example: I requested this role by mistake.
+ example:
+ accountActivityId: 2c91808568c529c60168cca6f90c1313
+ comment: I requested this role by mistake.
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-request-config:
+ get:
+ operationId: getAccessRequestConfig
+ summary: Get Access Request Configuration
+ tags:
+ - Access Requests
+ description: This endpoint returns the current access-request configuration.
+ responses:
+ '200':
+ description: Access Request Configuration Details.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ approvalsMustBeExternal:
+ type: boolean
+ description: 'If true, then approvals must be processed by external system.'
+ example: true
+ autoApprovalEnabled:
+ type: boolean
+ description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
+ example: true
+ requestOnBehalfOfConfig:
+ description: Request On Behalf Of Configuration.
+ type: object
+ properties:
+ allowRequestOnBehalfOfAnyoneByAnyone:
+ type: boolean
+ description: If anyone can request access for anyone.
+ example: true
+ allowRequestOnBehalfOfEmployeeByManager:
+ type: boolean
+ description: If a manager can request access for his/her direct reports.
+ example: true
+ approvalReminderAndEscalationConfig:
+ description: Approval Reminder and Escalation Configuration.
+ type: object
+ properties:
+ daysUntilEscalation:
+ type: integer
+ description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
+ format: int32
+ example: 0
+ daysBetweenReminders:
+ type: integer
+ description: Number of days to wait between reminder notifications.
+ format: int32
+ example: 0
+ maxReminders:
+ type: integer
+ description: Maximum number of reminder notification to send to the reviewer before approval escalation.
+ format: int32
+ example: 0
+ fallbackApproverRef:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlementRequestConfig:
+ description: Entitlement Request Configuration.
+ type: object
+ properties:
+ allowEntitlementRequest:
+ type: boolean
+ description: Flag for allowing entitlement request.
+ example: true
+ requestCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while submitting an entitlement request.
+ default: false
+ example: false
+ deniedCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while rejecting an entitlement request.
+ default: false
+ example: false
+ grantRequestApprovalSchemes:
+ type: string
+ description: |
+ Approval schemes for granting entitlement request. This can be empty if no approval is needed.
+ Multiple schemes must be comma-separated. The valid schemes are "sourceOwner", "manager" and "workgroup:{id}".
+ Multiple workgroups (governance groups) can be used.
+ default: sourceOwner
+ example: 'sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: updateAccessRequestConfig
+ summary: Update Access Request Configuration
+ tags:
+ - Access Requests
+ description: |-
+ This endpoint replaces the current access-request configuration.
+ A token with ORG_ADMIN authority is required to call this API.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ approvalsMustBeExternal:
+ type: boolean
+ description: 'If true, then approvals must be processed by external system.'
+ example: true
+ autoApprovalEnabled:
+ type: boolean
+ description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
+ example: true
+ requestOnBehalfOfConfig:
+ description: Request On Behalf Of Configuration.
+ type: object
+ properties:
+ allowRequestOnBehalfOfAnyoneByAnyone:
+ type: boolean
+ description: If anyone can request access for anyone.
+ example: true
+ allowRequestOnBehalfOfEmployeeByManager:
+ type: boolean
+ description: If a manager can request access for his/her direct reports.
+ example: true
+ approvalReminderAndEscalationConfig:
+ description: Approval Reminder and Escalation Configuration.
+ type: object
+ properties:
+ daysUntilEscalation:
+ type: integer
+ description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
+ format: int32
+ example: 0
+ daysBetweenReminders:
+ type: integer
+ description: Number of days to wait between reminder notifications.
+ format: int32
+ example: 0
+ maxReminders:
+ type: integer
+ description: Maximum number of reminder notification to send to the reviewer before approval escalation.
+ format: int32
+ example: 0
+ fallbackApproverRef:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlementRequestConfig:
+ description: Entitlement Request Configuration.
+ type: object
+ properties:
+ allowEntitlementRequest:
+ type: boolean
+ description: Flag for allowing entitlement request.
+ example: true
+ requestCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while submitting an entitlement request.
+ default: false
+ example: false
+ deniedCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while rejecting an entitlement request.
+ default: false
+ example: false
+ grantRequestApprovalSchemes:
+ type: string
+ description: |
+ Approval schemes for granting entitlement request. This can be empty if no approval is needed.
+ Multiple schemes must be comma-separated. The valid schemes are "sourceOwner", "manager" and "workgroup:{id}".
+ Multiple workgroups (governance groups) can be used.
+ default: sourceOwner
+ example: 'sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
+ responses:
+ '200':
+ description: Access Request Configuration Details.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ approvalsMustBeExternal:
+ type: boolean
+ description: 'If true, then approvals must be processed by external system.'
+ example: true
+ autoApprovalEnabled:
+ type: boolean
+ description: 'If true and requester and reviewer are the same, then automatically approve the approval.'
+ example: true
+ requestOnBehalfOfConfig:
+ description: Request On Behalf Of Configuration.
+ type: object
+ properties:
+ allowRequestOnBehalfOfAnyoneByAnyone:
+ type: boolean
+ description: If anyone can request access for anyone.
+ example: true
+ allowRequestOnBehalfOfEmployeeByManager:
+ type: boolean
+ description: If a manager can request access for his/her direct reports.
+ example: true
+ approvalReminderAndEscalationConfig:
+ description: Approval Reminder and Escalation Configuration.
+ type: object
+ properties:
+ daysUntilEscalation:
+ type: integer
+ description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.'
+ format: int32
+ example: 0
+ daysBetweenReminders:
+ type: integer
+ description: Number of days to wait between reminder notifications.
+ format: int32
+ example: 0
+ maxReminders:
+ type: integer
+ description: Maximum number of reminder notification to send to the reviewer before approval escalation.
+ format: int32
+ example: 0
+ fallbackApproverRef:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlementRequestConfig:
+ description: Entitlement Request Configuration.
+ type: object
+ properties:
+ allowEntitlementRequest:
+ type: boolean
+ description: Flag for allowing entitlement request.
+ example: true
+ requestCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while submitting an entitlement request.
+ default: false
+ example: false
+ deniedCommentsRequired:
+ type: boolean
+ description: Flag for requiring comments while rejecting an entitlement request.
+ default: false
+ example: false
+ grantRequestApprovalSchemes:
+ type: string
+ description: |
+ Approval schemes for granting entitlement request. This can be empty if no approval is needed.
+ Multiple schemes must be comma-separated. The valid schemes are "sourceOwner", "manager" and "workgroup:{id}".
+ Multiple workgroups (governance groups) can be used.
+ default: sourceOwner
+ example: 'sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-request-status:
+ get:
+ operationId: listAccessRequestStatus
+ tags:
+ - Access Requests
+ summary: Access Request Status
+ description: |-
+ The Access Request Status API returns a list of access request statuses based on the specified query parameters.
+ Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.
+ parameters:
+ - in: query
+ name: requested-for
+ schema:
+ type: string
+ example: 2c9180877b2b6ea4017b2c545f971429
+ description: Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+ required: false
+ - in: query
+ name: requested-by
+ schema:
+ type: string
+ example: 2c9180877b2b6ea4017b2c545f971429
+ description: Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+ required: false
+ - in: query
+ name: regarding-identity
+ schema:
+ type: string
+ example: 2c9180877b2b6ea4017b2c545f971429
+ description: Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
+ required: false
+ - in: query
+ name: count
+ description: If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+ required: false
+ schema:
+ type: boolean
+ default: false
+ example: false
+ - in: query
+ name: limit
+ description: Max number of results to return.
+ required: false
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ example: 100
+ - in: query
+ name: offset
+ description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
+ required: false
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ example: 10
+ - in: query
+ name: filters
+ schema:
+ type: string
+ example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **accountActivityItemId**: *eq, in*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **created, modified, accountActivityItemId**
+ example: created
+ responses:
+ '200':
+ description: List of requested item status.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: Human-readable display name of the item being requested.
+ example: AccessProfile1
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: Type of requested object.
+ example: ACCESS_PROFILE
+ cancelledRequestDetails:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Comment made by the owner when cancelling the associated request.
+ example: Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc.
+ owner:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ modified:
+ type: string
+ format: date-time
+ description: Date comment was added by the owner when cancelling the associated request
+ example: '2019-12-20T09:17:12.192Z'
+ description: Provides additional details for a request that has been cancelled.
+ errorMessages:
+ type: array
+ items:
+ type: array
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.'
+ state:
+ type: string
+ enum:
+ - EXECUTING
+ - REQUEST_COMPLETED
+ - CANCELLED
+ - TERMINATED
+ - PROVISIONING_VERIFICATION_PENDING
+ - REJECTED
+ - PROVISIONING_FAILED
+ - NOT_ALL_ITEMS_PROVISIONED
+ - ERROR
+ description: |-
+ Indicates the state of an access request:
+ * EXECUTING: The request is executing, which indicates the system is doing some processing.
+ * REQUEST_COMPLETED: Indicates the request has been completed.
+ * CANCELLED: The request was cancelled with no user input.
+ * TERMINATED: The request has been terminated before it was able to complete.
+ * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
+ * REJECTED: The request was rejected.
+ * PROVISIONING_FAILED: The request has failed to complete.
+ * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
+ * ERROR: An error occurred during request processing.
+ example: EXECUTING
+ approvalDetails:
+ type: array
+ items:
+ type: object
+ properties:
+ forwarded:
+ type: boolean
+ description: True if the request for this item was forwarded from one owner to another.
+ originalOwner:
+ description: 'Base identity/workgroup reference object representing the original owner, if forwarded.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ currentOwner:
+ description: Base reference of approver that will make decision.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ reviewedBy:
+ description: The identity who has reviewed the approval.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ modified:
+ type: string
+ format: date-time
+ description: Time at which item was modified.
+ example: '2019-08-23T18:52:57.398Z'
+ status:
+ type: string
+ enum:
+ - PENDING
+ - APPROVED
+ - REJECTED
+ - EXPIRED
+ - CANCELLED
+ - ARCHIVED
+ description: |-
+ Indicates the state of the request processing for this item:
+ * PENDING: The request for this item is awaiting processing.
+ * APPROVED: The request for this item has been approved.
+ * REJECTED: The request for this item was rejected.
+ * EXPIRED: The request for this item expired with no action taken.
+ * CANCELLED: The request for this item was cancelled with no user action.
+ * ARCHIVED: The request for this item has been archived after completion.
+ example: PENDING
+ scheme:
+ type: string
+ enum:
+ - APP_OWNER
+ - SOURCE_OWNER
+ - MANAGER
+ - ROLE_OWNER
+ - ACCESS_PROFILE_OWNER
+ - GOVERNANCE_GROUP
+ description: Describes the individual or group that is responsible for an approval step.
+ errorMessages:
+ type: array
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ description: 'If the request failed, includes any error messages that were generated.'
+ comment:
+ type: string
+ description: 'Comment, if any, provided by the approver.'
+ removeDate:
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ description: Approval details for each item.
+ manualWorkItemDetails:
+ type: array
+ items:
+ type: object
+ properties:
+ forwarded:
+ type: boolean
+ description: True if the request for this item was forwarded from one owner to another.
+ example: true
+ originalOwner:
+ description: 'Base identity/workgroup reference object representing the original owner, if forwarded.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ currentOwner:
+ description: Base reference of approver that will make decision.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ modified:
+ type: string
+ format: date-time
+ description: Time at which item was modified.
+ example: '2019-08-23T18:52:57.398Z'
+ status:
+ type: string
+ enum:
+ - PENDING
+ - APPROVED
+ - REJECTED
+ - EXPIRED
+ - CANCELLED
+ - ARCHIVED
+ description: |-
+ Indicates the state of the request processing for this item:
+ * PENDING: The request for this item is awaiting processing.
+ * APPROVED: The request for this item has been approved.
+ * REJECTED: The request for this item was rejected.
+ * EXPIRED: The request for this item expired with no action taken.
+ * CANCELLED: The request for this item was cancelled with no user action.
+ * ARCHIVED: The request for this item has been archived after completion.
+ example: PENDING
+ description: Manual work items created for provisioning the item.
+ accountActivityItemId:
+ type: string
+ description: Id of associated account activity item.
+ example: 2c9180926cbfbddd016cbfc7c3b10010
+ requestType:
+ type: string
+ enum:
+ - GRANT_ACCESS
+ - REVOKE_ACCESS
+ description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements.
+ example: GRANT_ACCESS
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ requester:
+ description: The identity that requested the item.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requestedFor:
+ description: The identity for whom the Access Request Status is requested for.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requesterComment:
+ description: The requester's comment.
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ sodViolationContext:
+ description: The details of the SOD violations for the associated approval.
+ type: object
+ properties:
+ state:
+ type: string
+ enum:
+ - SUCCESS
+ - ERROR
+ description: The status of SOD violation check
+ example: SUCCESS
+ uuid:
+ description: The id of the Violation check event
+ type: string
+ example: f73d16e9-a038-46c5-b217-1246e15fdbdd
+ violationCheckResult:
+ description: The inner object representing the completed SOD Violation check
+ type: object
+ properties:
+ message:
+ description: 'If the request failed, includes any error message that was generated.'
+ example:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An error has occurred during the SOD violation check
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ violationContexts:
+ type: array
+ items:
+ description: The contextual information of the violated criteria
+ type: object
+ properties:
+ policy:
+ description: Reference to the Policy that is being violated.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ conflictingAccessCriteria:
+ type: object
+ description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
+ properties:
+ leftCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ rightCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ violatedPolicies:
+ type: array
+ description: A list of the Policies that were violated
+ items:
+ description: Reference to the policy that was violated
+ example:
+ - type: SOD_POLICY
+ id: 69129440-422d-4a23-aadd-35c828d5bfda
+ name: HR Policy
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ provisioningDetails:
+ type: object
+ properties:
+ orderedSubPhaseReferences:
+ type: string
+ description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.'
+ example: manualWorkItemDetails
+ description: Provides additional details about provisioning for this request.
+ preApprovalTriggerDetails:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Comment left for the pre-approval decision
+ example: Access is Approved
+ reviewer:
+ type: string
+ description: The reviewer of the pre-approval decision
+ example: John Doe
+ decision:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ description: The decision of the pre-approval trigger
+ example: APPROVED
+ description: Provides additional details about the pre-approval trigger for this request.
+ accessRequestPhases:
+ type: array
+ items:
+ type: object
+ properties:
+ started:
+ type: string
+ description: The time that this phase started.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ finished:
+ type: string
+ description: The time that this phase finished.
+ format: date-time
+ example: '2020-07-12T00:00:00Z'
+ name:
+ type: string
+ description: The name of this phase.
+ example: APPROVAL_PHASE
+ state:
+ type: string
+ enum:
+ - PENDING
+ - EXECUTING
+ - COMPLETED
+ - CANCELLED
+ description: The state of this phase.
+ example: COMPLETED
+ result:
+ type: string
+ enum:
+ - SUCCESSFUL
+ - FAILED
+ description: The state of this phase.
+ example: SUCCESSFUL
+ phaseReference:
+ type: string
+ description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.'
+ example: approvalDetails
+ description: Provides additional details about this access request phase.
+ description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.'
+ description:
+ type: string
+ description: Description associated to the requested object.
+ example: This is the Engineering role that engineers are granted.
+ removeDate:
+ type: string
+ format: date-time
+ description: When the role access is scheduled for removal.
+ example: '2019-10-23T00:00:00.000Z'
+ cancelable:
+ type: boolean
+ description: True if the request can be canceled.
+ example: true
+ accessRequestId:
+ type: string
+ format: uuid
+ description: This is the account activity id.
+ example: ef38f94347e94562b5bb8424a56397d8
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-request-approvals/pending:
+ get:
+ operationId: listPendingApprovals
+ summary: Pending Access Request Approvals List
+ tags:
+ - Access Request Approvals
+ description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.
+ parameters:
+ - in: query
+ name: owner-id
+ schema:
+ type: string
+ description: |-
+ If present, the value returns only pending approvals for the specified identity.
+ * ORG_ADMIN users can call this with any identity ID value.
+ * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
+ * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
+ example: 2c91808568c529c60168cca6f90c1313
+ required: false
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ required: false
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **requestedFor.id**: *eq, in*
+
+ **modified**: *gt, lt, ge, le*
+ example: id eq "2c91808568c529c60168cca6f90c1313"
+ - in: query
+ name: sorters
+ required: false
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **created, modified**
+ example: modified
+ responses:
+ '200':
+ description: List of Pending Approvals.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The approval id.
+ example: id12345
+ name:
+ type: string
+ description: The name of the approval.
+ example: aName
+ created:
+ type: string
+ format: date-time
+ description: When the approval was created.
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the approval was modified last time.
+ example: '2018-07-25T20:22:28.104Z'
+ requestCreated:
+ type: string
+ format: date-time
+ description: When the access-request was created.
+ example: '2017-07-11T18:45:35.098Z'
+ requestType:
+ description: If the access-request was for granting or revoking access.
+ type: string
+ enum:
+ - GRANT_ACCESS
+ - REVOKE_ACCESS
+ example: GRANT_ACCESS
+ requester:
+ description: The identity that requested the item.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requestedFor:
+ description: The identity for whom the item is requested for.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ owner:
+ description: The owner or approver of the approval.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requestedObject:
+ description: The requested access item.
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the object.
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the object.
+ example: Applied Research Access
+ description:
+ type: string
+ description: Description of the object.
+ example: 'Access to research information, lab results, and schematics'
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: Type of the object.
+ example: ROLE
+ requesterComment:
+ description: The requester's comment.
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ previousReviewersComments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ description: The history of the previous reviewers comments.
+ forwardHistory:
+ type: array
+ items:
+ type: object
+ properties:
+ oldApproverName:
+ type: string
+ description: Display name of approver that forwarded the approval.
+ example: frank.mir
+ newApproverName:
+ type: string
+ description: Display name of approver to whom the approval was forwarded.
+ example: al.volta
+ comment:
+ type: string
+ description: Comment made by old approver when forwarding.
+ example: Fusce id orci vel consectetur amet ipsum quam.
+ modified:
+ type: string
+ format: date-time
+ description: Time at which approval was forwarded.
+ example: '2019-08-23T18:52:57.398Z'
+ description: The history of approval forward action.
+ commentRequiredWhenRejected:
+ type: boolean
+ description: When true the rejector has to provide comments when rejecting
+ example: true
+ actionInProcess:
+ description: 'Action that is performed on this approval, and system has not finished performing that action yet.'
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - FORWARDED
+ example: APPROVED
+ removeDate:
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ removeDateUpdateRequested:
+ type: boolean
+ description: 'If true, then the request is to change the remove date or sunset date.'
+ example: true
+ currentRemoveDate:
+ type: string
+ description: The remove date or sunset date that was assigned at the time of the request.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ sodViolationContext:
+ description: The details of the SOD violations for the associated approval.
+ type: object
+ properties:
+ state:
+ type: string
+ enum:
+ - SUCCESS
+ - ERROR
+ description: The status of SOD violation check
+ example: SUCCESS
+ uuid:
+ description: The id of the Violation check event
+ type: string
+ example: f73d16e9-a038-46c5-b217-1246e15fdbdd
+ violationCheckResult:
+ description: The inner object representing the completed SOD Violation check
+ type: object
+ properties:
+ message:
+ description: 'If the request failed, includes any error message that was generated.'
+ example:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An error has occurred during the SOD violation check
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ violationContexts:
+ type: array
+ items:
+ description: The contextual information of the violated criteria
+ type: object
+ properties:
+ policy:
+ description: Reference to the Policy that is being violated.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ conflictingAccessCriteria:
+ type: object
+ description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
+ properties:
+ leftCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ rightCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ violatedPolicies:
+ type: array
+ description: A list of the Policies that were violated
+ items:
+ description: Reference to the policy that was violated
+ example:
+ - type: SOD_POLICY
+ id: 69129440-422d-4a23-aadd-35c828d5bfda
+ name: HR Policy
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-request-approvals/completed:
+ get:
+ operationId: listCompletedApprovals
+ summary: Completed Access Request Approvals List
+ tags:
+ - Access Request Approvals
+ description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info.
+ parameters:
+ - in: query
+ name: owner-id
+ required: false
+ schema:
+ type: string
+ description: |-
+ If present, the value returns only completed approvals for the specified identity.
+ * ORG_ADMIN users can call this with any identity ID value.
+ * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
+ * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.
+ example: 2c91808568c529c60168cca6f90c1313
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ required: false
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **requestedFor.id**: *eq, in*
+
+ **modified**: *gt, lt, ge, le*
+ example: id eq "2c91808568c529c60168cca6f90c1313"
+ - in: query
+ name: sorters
+ required: false
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **created, modified**
+ example: modified
+ responses:
+ '200':
+ description: List of Completed Approvals.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The approval id.
+ example: id12345
+ name:
+ type: string
+ description: The name of the approval.
+ example: aName
+ created:
+ type: string
+ format: date-time
+ description: When the approval was created.
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the approval was modified last time.
+ example: '2018-07-25T20:22:28.104Z'
+ requestCreated:
+ type: string
+ format: date-time
+ description: When the access-request was created.
+ example: '2017-07-11T18:45:35.098Z'
+ requestType:
+ description: If the access-request was for granting or revoking access.
+ type: string
+ enum:
+ - GRANT_ACCESS
+ - REVOKE_ACCESS
+ example: GRANT_ACCESS
+ requester:
+ description: The identity that requested the item.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requestedFor:
+ description: The identity for whom the item is requested for.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ reviewedBy:
+ description: The identity who has reviewed the approval.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ owner:
+ description: The owner or approver of the approval.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ requestedObject:
+ description: The requested access item.
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the object.
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the object.
+ example: Applied Research Access
+ description:
+ type: string
+ description: Description of the object.
+ example: 'Access to research information, lab results, and schematics'
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: Type of the object.
+ example: ROLE
+ requesterComment:
+ description: The requester's comment.
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ reviewerComment:
+ description: The approval's reviewer's comment.
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ previousReviewersComments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ description: The history of the previous reviewers comments.
+ forwardHistory:
+ type: array
+ items:
+ type: object
+ properties:
+ oldApproverName:
+ type: string
+ description: Display name of approver that forwarded the approval.
+ example: frank.mir
+ newApproverName:
+ type: string
+ description: Display name of approver to whom the approval was forwarded.
+ example: al.volta
+ comment:
+ type: string
+ description: Comment made by old approver when forwarding.
+ example: Fusce id orci vel consectetur amet ipsum quam.
+ modified:
+ type: string
+ format: date-time
+ description: Time at which approval was forwarded.
+ example: '2019-08-23T18:52:57.398Z'
+ description: The history of approval forward action.
+ commentRequiredWhenRejected:
+ type: boolean
+ description: When true the rejector has to provide comments when rejecting
+ example: true
+ state:
+ description: The final state of the approval
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ example: APPROVED
+ removeDate:
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ removeDateUpdateRequested:
+ type: boolean
+ description: 'If true, then the request was to change the remove date or sunset date.'
+ example: true
+ currentRemoveDate:
+ type: string
+ description: The remove date or sunset date that was assigned at the time of the request.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ sodViolationContext:
+ description: The details of the SOD violations for the associated approval.
+ type: object
+ properties:
+ state:
+ type: string
+ enum:
+ - SUCCESS
+ - ERROR
+ description: The status of SOD violation check
+ example: SUCCESS
+ uuid:
+ description: The id of the Violation check event
+ type: string
+ example: f73d16e9-a038-46c5-b217-1246e15fdbdd
+ violationCheckResult:
+ description: The inner object representing the completed SOD Violation check
+ type: object
+ properties:
+ message:
+ description: 'If the request failed, includes any error message that was generated.'
+ example:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An error has occurred during the SOD violation check
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ violationContexts:
+ type: array
+ items:
+ description: The contextual information of the violated criteria
+ type: object
+ properties:
+ policy:
+ description: Reference to the Policy that is being violated.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ conflictingAccessCriteria:
+ type: object
+ description: The object which contains the left and right hand side of the entitlements that got violated according to the policy.
+ properties:
+ leftCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ rightCriteria:
+ type: object
+ properties:
+ criteriaList:
+ type: array
+ items:
+ description: Details of the Entitlement criteria
+ type: object
+ properties:
+ existing:
+ type: boolean
+ example: true
+ description: If the entitlement already belonged to the user or not.
+ type:
+ example: ENTITLEMENT
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Entitlement ID
+ example: 2c918085771e9d3301773b3cb66f6398
+ name:
+ type: string
+ description: Entitlement name
+ example: My HR Entitlement
+ violatedPolicies:
+ type: array
+ description: A list of the Policies that were violated
+ items:
+ description: Reference to the policy that was violated
+ example:
+ - type: SOD_POLICY
+ id: 69129440-422d-4a23-aadd-35c828d5bfda
+ name: HR Policy
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/access-request-approvals/{approvalId}/approve':
+ post:
+ operationId: approveRequest
+ summary: Approves an access request approval.
+ tags:
+ - Access Request Approvals
+ description: This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
+ parameters:
+ - in: path
+ name: approvalId
+ schema:
+ type: string
+ required: true
+ description: The id of the approval.
+ example: 2c91808b7294bea301729568c68c002e
+ requestBody:
+ description: Reviewer's comment.
+ required: false
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/access-request-approvals/{approvalId}/reject':
+ post:
+ operationId: rejectRequest
+ summary: Rejects an access request approval.
+ tags:
+ - Access Request Approvals
+ description: This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action.
+ parameters:
+ - in: path
+ name: approvalId
+ schema:
+ type: string
+ required: true
+ description: The id of the approval.
+ example: 2c91808b7294bea301729568c68c002e
+ requestBody:
+ description: Reviewer's comment.
+ required: false
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ author:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the author
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ created:
+ type: string
+ format: date-time
+ description: Date and time comment was created
+ example: '2017-07-11T18:45:37.098Z'
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/access-request-approvals/{approvalId}/forward':
+ post:
+ operationId: forwardRequest
+ summary: Forwards an access request approval.
+ tags:
+ - Access Request Approvals
+ description: This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
+ parameters:
+ - in: path
+ name: approvalId
+ schema:
+ type: string
+ required: true
+ description: The id of the approval.
+ example: 2c91808b7294bea301729568c68c002e
+ requestBody:
+ description: Information about the forwarded approval.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - newOwnerId
+ - comment
+ properties:
+ newOwnerId:
+ type: string
+ description: The Id of the new owner
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat
+ minLength: 1
+ maxLength: 255
+ comment:
+ type: string
+ description: The comment provided by the forwarder
+ example: 2c91808568c529c60168cca6f90c1313
+ minLength: 1
+ maxLength: 255
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /access-request-approvals/approval-summary:
+ get:
+ operationId: approvalSummary
+ summary: Get the number of access-requests-approvals
+ tags:
+ - Access Request Approvals
+ description: 'This endpoint returns the number of pending, approved and rejected access requests approvals. See "owner-id" query parameter below for authorization info.'
+ parameters:
+ - in: query
+ name: owner-id
+ schema:
+ type: string
+ description: |-
+ The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.
+ * ORG_ADMIN users can call this with any identity ID value.
+ * ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used.
+ * Non ORG_ADMIN users can only specify *me* or pass their own identity ID value.
+ example: 2c91808568c529c60168cca6f90c1313
+ - in: query
+ name: from-date
+ schema:
+ type: string
+ description: From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format
+ example: 'from-date=2020-03-19T19:59:11Z'
+ responses:
+ '200':
+ description: 'Number of pending, approved, rejected access request approvals.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ pending:
+ type: integer
+ description: The number of pending access requests approvals.
+ format: int32
+ example: 0
+ approved:
+ type: integer
+ description: The number of approved access requests approvals.
+ format: int32
+ example: 0
+ rejected:
+ type: integer
+ description: The number of rejected access requests approvals.
+ format: int32
+ example: 0
+ '400':
+ description: Client Error - Returned if the query parameter is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /accounts:
+ get:
+ operationId: listAccounts
+ tags:
+ - Accounts
+ summary: Accounts List
+ description: |-
+ This returns a list of accounts.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account-list:read'
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ example: identityId eq "2c9180858082150f0180893dbaf44201"
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **identityId**: *eq*
+
+ **name**: *eq, in*
+
+ **nativeIdentity**: *eq, in*
+
+ **sourceId**: *eq, in*
+
+ **uncorrelated**: *eq*
+ responses:
+ '200':
+ description: List of account objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ properties:
+ sourceId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ identityId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ attributes:
+ type: object
+ authoritative:
+ type: boolean
+ description:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ nativeIdentity:
+ type: string
+ systemAccount:
+ type: boolean
+ uncorrelated:
+ type: boolean
+ uuid:
+ type: string
+ manuallyCorrelated:
+ type: boolean
+ hasEntitlements:
+ type: boolean
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createAccount
+ tags:
+ - Accounts
+ summary: Create Account
+ description: |-
+ This API submits an account creation task and returns the task ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:create'
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - attributes
+ properties:
+ attributes:
+ description: The schema attribute values for the account
+ type: object
+ required:
+ - sourceId
+ properties:
+ sourceId:
+ type: string
+ description: Target source to create an account
+ example: 34bfcbe116c9407464af37acbaf7a4dc
+ additionalProperties:
+ type: string
+ example:
+ sourceId: 34bfcbe116c9407464af37acbaf7a4dc
+ city: Austin
+ displayName: John Doe
+ userName: jdoe
+ sAMAccountName: jDoe
+ mail: john.doe@sailpoint.com
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}':
+ get:
+ operationId: getAccount
+ tags:
+ - Accounts
+ summary: Account Details
+ description: |-
+ This API returns the details for a single account based on the ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:read'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An account object
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ properties:
+ sourceId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ identityId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ attributes:
+ type: object
+ authoritative:
+ type: boolean
+ description:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ nativeIdentity:
+ type: string
+ systemAccount:
+ type: boolean
+ uncorrelated:
+ type: boolean
+ uuid:
+ type: string
+ manuallyCorrelated:
+ type: boolean
+ hasEntitlements:
+ type: boolean
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: updateAccount
+ tags:
+ - Accounts
+ summary: Update Account
+ description: |-
+ Use this API to modify the following fields:
+ * `identityId`
+
+ * `manuallyCorrelated`
+
+ >**NOTE: All other fields can not be modified.**
+
+ The request must provide a JSONPatch payload.
+
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:update'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ example:
+ - op: replace
+ path: /identityId
+ value: 2c9180845d1edece015d27a975983e21
+ responses:
+ '202':
+ description: Accepted. Update request accepted and is in progress.
+ content:
+ application/json:
+ schema:
+ type: object
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: putAccount
+ tags:
+ - Accounts
+ summary: Update Account
+ description: |-
+ This API submits an account update task and returns the task ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ >**NOTE: The PUT Account API is designated only for Delimited File sources.**
+ security:
+ - oauth2:
+ - 'idn:account:update'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - attributes
+ properties:
+ attributes:
+ description: The schema attribute values for the account
+ type: object
+ example:
+ city: Austin
+ displayName: John Doe
+ userName: jdoe
+ sAMAccountName: jDoe
+ mail: john.doe@sailpoint.com
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteAccount
+ tags:
+ - Accounts
+ summary: Delete Account
+ description: |-
+ This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:delete'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}/entitlements':
+ get:
+ operationId: getAccountEntitlements
+ tags:
+ - Accounts
+ summary: Account Entitlements
+ description: |-
+ This API returns entitlements of the account.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account-entitlement:read'
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An array of account entitlements
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Entitlement object that represents entitlement
+ properties:
+ attribute:
+ description: Name of the entitlement attribute
+ type: string
+ example: authorizationType
+ value:
+ description: Raw value of the entitlement
+ type: string
+ example: 'CN=Users,dc=sailpoint,dc=com'
+ description:
+ description: Entitlment description
+ type: string
+ attributes:
+ description: Entitlement attributes
+ type: object
+ sourceSchemaObjectType:
+ description: Schema objectType on the given application that maps to an Account Group
+ type: string
+ example: group
+ privileged:
+ description: Determines if this Entitlement is privileged.
+ type: boolean
+ cloudGoverned:
+ description: Determines if this Entitlement is goverened in the cloud.
+ type: boolean
+ source:
+ description: Reference to the source this entitlment belongs to.
+ example:
+ - type: SOURCE
+ id: 2c9180835d191a86015d28455b4b232a
+ name: HR Active Directory
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}/reload':
+ post:
+ operationId: reloadAccount
+ tags:
+ - Accounts
+ summary: Reload Account
+ description: |-
+ This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:reload'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}/enable':
+ post:
+ operationId: enableAccount
+ tags:
+ - Accounts
+ summary: Enable Account
+ description: |-
+ This API submits a task to enable account and returns the task ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:enable'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account id
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ description: Request used for account enable/disable
+ type: object
+ properties:
+ externalVerificationId:
+ description: 'If set, an external process validates that the user wants to proceed with this request.'
+ type: string
+ example: 3f9180835d2e5168015d32f890ca1581
+ forceProvisioning:
+ description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
+ type: boolean
+ example: false
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}/disable':
+ post:
+ operationId: disableAccount
+ tags:
+ - Accounts
+ summary: Disable Account
+ description: |-
+ This API submits a task to disable the account and returns the task ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:disable'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account id
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ description: Request used for account enable/disable
+ type: object
+ properties:
+ externalVerificationId:
+ description: 'If set, an external process validates that the user wants to proceed with this request.'
+ type: string
+ example: 3f9180835d2e5168015d32f890ca1581
+ forceProvisioning:
+ description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
+ type: boolean
+ example: false
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/accounts/{id}/unlock':
+ post:
+ operationId: unlockAccount
+ tags:
+ - Accounts
+ summary: Unlock Account
+ description: |-
+ This API submits a task to unlock an account and returns the task ID.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:account:unlock'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account id
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ description: Request used for account unlock
+ type: object
+ properties:
+ externalVerificationId:
+ description: 'If set, an external process validates that the user wants to proceed with this request.'
+ type: string
+ example: 3f9180835d2e5168015d32f890ca1581
+ unlockIDNAccount:
+ description: 'If set, the IDN account is unlocked after the workflow completes.'
+ type: boolean
+ example: false
+ forceProvisioning:
+ description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
+ type: boolean
+ example: false
+ responses:
+ '202':
+ description: Async task details
+ content:
+ application/json:
+ schema:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /account-activities:
+ get:
+ operationId: listAccountActivities
+ tags:
+ - Account Activities
+ summary: Get a list of Account Activities
+ description: This gets a collection of account activities that satisfy the given query parameters.
+ parameters:
+ - in: query
+ name: requested-for
+ schema:
+ type: string
+ description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+ required: false
+ - in: query
+ name: requested-by
+ schema:
+ type: string
+ description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+ required: false
+ - in: query
+ name: regarding-identity
+ schema:
+ type: string
+ description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
+ required: false
+ - in: query
+ name: type
+ schema:
+ type: string
+ description: The type of account activity.
+ required: false
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **type**: *eq, in*
+ **created**: *gt, lt, ge, le*
+ **modified**: *gt, lt, ge, le*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **type, created, modified**
+ responses:
+ '200':
+ description: List of account activities
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the account activity itself
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ completed:
+ type: string
+ format: date-time
+ nullable: true
+ example: '2018-10-19T13:49:37.385Z'
+ completionStatus:
+ nullable: true
+ type: string
+ enum:
+ - SUCCESS
+ - FAILURE
+ - INCOMPLETE
+ - PENDING
+ type:
+ type: string
+ example: appRequest
+ requesterIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ targetIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ errors:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
+ warnings:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'Some warning, another warning'
+ items:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Item id
+ example: 2725138ee34949beb0d6cc982d2d4625
+ name:
+ type: string
+ description: Human-readable display name of item
+ requested:
+ type: string
+ format: date-time
+ description: Date and time item was requested
+ example: '2017-07-11T18:45:37.098Z'
+ approvalStatus:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ provisioningStatus:
+ type: string
+ enum:
+ - PENDING
+ - FINISHED
+ - UNVERIFIABLE
+ - COMMITED
+ - FAILED
+ - RETRY
+ description: Provisioning state of an account activity item
+ requesterComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ reviewerIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ reviewerComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ operation:
+ type: string
+ enum:
+ - ADD
+ - CREATE
+ - MODIFY
+ - DELETE
+ - DISABLE
+ - ENABLE
+ - UNLOCK
+ - LOCK
+ - REMOVE
+ description: Represents an operation in an account activity item
+ attribute:
+ type: string
+ description: Attribute to which account activity applies
+ nullable: true
+ example: detectedRoles
+ value:
+ type: string
+ description: Value of attribute
+ nullable: true
+ example: 'Treasury Analyst [AccessProfile-1529010191212]'
+ nativeIdentity:
+ nullable: true
+ type: string
+ description: Native identity in the target system to which the account activity applies
+ example: Sandie.Camero
+ sourceId:
+ type: string
+ description: Id of Source to which account activity applies
+ example: 2c91808363ef85290164000587130c0c
+ accountRequestInfo:
+ type: object
+ nullable: true
+ properties:
+ requestedObjectId:
+ type: string
+ description: Id of requested object
+ example: 2c91808563ef85690164001c31140c0c
+ requestedObjectName:
+ type: string
+ description: Human-readable name of requested object
+ example: Treasury Analyst
+ requestedObjectType:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ description: 'If an account activity item is associated with an access request, captures details of that request.'
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
+ removeDate:
+ nullable: true
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ executionStatus:
+ type: string
+ enum:
+ - EXECUTING
+ - VERIFYING
+ - TERMINATED
+ - COMPLETED
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/account-activities/{id}':
+ get:
+ operationId: getAccountActivity
+ tags:
+ - Account Activities
+ summary: Get an Account Activity
+ description: This gets a single account activity by its id.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The account activity id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An account activity object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the account activity itself
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ completed:
+ type: string
+ format: date-time
+ nullable: true
+ example: '2018-10-19T13:49:37.385Z'
+ completionStatus:
+ nullable: true
+ type: string
+ enum:
+ - SUCCESS
+ - FAILURE
+ - INCOMPLETE
+ - PENDING
+ type:
+ type: string
+ example: appRequest
+ requesterIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ targetIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ errors:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
+ warnings:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'Some warning, another warning'
+ items:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Item id
+ example: 2725138ee34949beb0d6cc982d2d4625
+ name:
+ type: string
+ description: Human-readable display name of item
+ requested:
+ type: string
+ format: date-time
+ description: Date and time item was requested
+ example: '2017-07-11T18:45:37.098Z'
+ approvalStatus:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ provisioningStatus:
+ type: string
+ enum:
+ - PENDING
+ - FINISHED
+ - UNVERIFIABLE
+ - COMMITED
+ - FAILED
+ - RETRY
+ description: Provisioning state of an account activity item
+ requesterComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ reviewerIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ reviewerComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ operation:
+ type: string
+ enum:
+ - ADD
+ - CREATE
+ - MODIFY
+ - DELETE
+ - DISABLE
+ - ENABLE
+ - UNLOCK
+ - LOCK
+ - REMOVE
+ description: Represents an operation in an account activity item
+ attribute:
+ type: string
+ description: Attribute to which account activity applies
+ nullable: true
+ example: detectedRoles
+ value:
+ type: string
+ description: Value of attribute
+ nullable: true
+ example: 'Treasury Analyst [AccessProfile-1529010191212]'
+ nativeIdentity:
+ nullable: true
+ type: string
+ description: Native identity in the target system to which the account activity applies
+ example: Sandie.Camero
+ sourceId:
+ type: string
+ description: Id of Source to which account activity applies
+ example: 2c91808363ef85290164000587130c0c
+ accountRequestInfo:
+ type: object
+ nullable: true
+ properties:
+ requestedObjectId:
+ type: string
+ description: Id of requested object
+ example: 2c91808563ef85690164001c31140c0c
+ requestedObjectName:
+ type: string
+ description: Human-readable name of requested object
+ example: Treasury Analyst
+ requestedObjectType:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ description: 'If an account activity item is associated with an access request, captures details of that request.'
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
+ removeDate:
+ nullable: true
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ executionStatus:
+ type: string
+ enum:
+ - EXECUTING
+ - VERIFYING
+ - TERMINATED
+ - COMPLETED
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /certifications:
+ get:
+ operationId: listIdentityCertifications
+ tags:
+ - Certifications
+ summary: Identity Campaign Certifications by IDs
+ description: 'This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups.'
+ parameters:
+ - in: query
+ name: reviewer-identity
+ schema:
+ type: string
+ description: The ID of reviewer identity. *me* indicates the current user.
+ required: false
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **id**: *eq, in*
+ **campaign.id**: *eq, in*
+ **phase**: *eq*
+ **completed**: *eq, ne*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **name, due, signed**
+ responses:
+ '200':
+ description: List of identity campaign certifications
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}':
+ get:
+ operationId: getIdentityCertification
+ tags:
+ - Certifications
+ summary: Identity Certification by ID
+ description: This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The certification id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An identity campaign certification object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/access-review-items':
+ get:
+ operationId: listIdentityAccessReviewItems
+ tags:
+ - Certifications
+ summary: List of Access Review Items
+ description: This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **type / access.type**: *eq*
+
+ **completed**: *eq, ne*
+
+ **identitySummary.id**: *eq, in*
+
+ **identitySummary.name**: *eq, sw*
+
+ **access.id**: *eq, in*
+
+ **access.name**: *eq, sw*
+
+ **entitlement.sourceName**: *eq, sw*
+
+ **accessProfile.sourceName**: *eq, sw*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**
+ - in: query
+ name: entitlements
+ schema:
+ type: string
+ description: |-
+ Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.
+
+ An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.
+ - in: query
+ name: access-profiles
+ schema:
+ type: string
+ description: |-
+ Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.
+
+ An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.
+ - in: query
+ name: roles
+ schema:
+ type: string
+ description: |-
+ Filter results to view access review items that pertain to any of the specified comma-separated role IDs.
+
+ An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.
+ responses:
+ '200':
+ description: A list of access review items
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ accessSummary:
+ type: object
+ description: An object holding the access that is being reviewed
+ properties:
+ access:
+ type: object
+ properties:
+ type:
+ description: The type of item being certified
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: The ID of the item being certified
+ example: 2c9180867160846801719932c5153fb7
+ name:
+ type: string
+ description: The name of the item being certified
+ example: Entitlement for Company Database
+ entitlement:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ accessProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Access Profile
+ example: 2c91808a7190d06e01719938fcd20792
+ name:
+ type: string
+ description: Name of the Access Profile
+ example: Employee-database-read-write
+ description:
+ type: string
+ description: Information about the Access Profile
+ example: Collection of entitlements to read/write the employee database
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ endDate:
+ nullable: true
+ type: string
+ format: date-time
+ description: The date at which a user's access expires
+ example: '2021-12-25T00:00:00.000Z'
+ owner:
+ description: Owner of the Access Profile
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlements:
+ type: array
+ description: A list of entitlements associated with this Access Profile
+ items:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ created:
+ type: string
+ description: Date the Access Profile was created.
+ format: date-time
+ example: '2021-01-01T22:32:58.104Z'
+ modified:
+ type: string
+ description: Date the Access Profile was last modified.
+ format: date-time
+ example: '2021-02-01T22:32:58.104Z'
+ role:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the Role
+ example: 2c91808a7190d06e0171993907fd0794
+ name:
+ type: string
+ description: The name of the Role
+ example: Accounting-Employees
+ description:
+ type: string
+ description: Information about the Role
+ example: Role for members of the accounting department with the necessary Access Profiles
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ revocable:
+ type: boolean
+ description: Indicates whether the Role can be revoked or requested
+ endDate:
+ type: string
+ format: date-time
+ description: The date when a user's access expires.
+ example: '2021-12-25T00:00:00.000Z'
+ accessProfiles:
+ type: array
+ description: The list of Access Profiles associated with this Role
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Access Profile
+ example: 2c91808a7190d06e01719938fcd20792
+ name:
+ type: string
+ description: Name of the Access Profile
+ example: Employee-database-read-write
+ description:
+ type: string
+ description: Information about the Access Profile
+ example: Collection of entitlements to read/write the employee database
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ endDate:
+ nullable: true
+ type: string
+ format: date-time
+ description: The date at which a user's access expires
+ example: '2021-12-25T00:00:00.000Z'
+ owner:
+ description: Owner of the Access Profile
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlements:
+ type: array
+ description: A list of entitlements associated with this Access Profile
+ items:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ created:
+ type: string
+ description: Date the Access Profile was created.
+ format: date-time
+ example: '2021-01-01T22:32:58.104Z'
+ modified:
+ type: string
+ description: Date the Access Profile was last modified.
+ format: date-time
+ example: '2021-02-01T22:32:58.104Z'
+ identitySummary:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the identity summary
+ example: 2c91808772a504f50172a9540e501ba7
+ name:
+ type: string
+ description: Name of the linked identity
+ example: Alison Ferguso
+ identityId:
+ type: string
+ description: The ID of the identity being certified
+ example: 2c9180857182306001719937377a33de
+ completed:
+ type: boolean
+ description: Indicates whether the review items for the linked identity's certification have been completed
+ id:
+ type: string
+ description: The review item's id
+ example: ef38f94347e94562b5bb8424a56397d8
+ completed:
+ type: boolean
+ description: Whether the review item is complete
+ example: false
+ newAccess:
+ type: boolean
+ description: Indicates whether the review item is for new access to a source
+ decision:
+ type: string
+ description: The decision to approve or revoke the review item
+ enum:
+ - APPROVE
+ - REVOKE
+ example: APPROVE
+ comments:
+ nullable: true
+ type: string
+ description: Comments for this review item
+ example: This user still needs access to this source
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/decide':
+ post:
+ operationId: makeIdentityDecision
+ tags:
+ - Certifications
+ summary: Decide on a Certification Item
+ description: The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the identity campaign certification on which to make decisions
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ description: A non-empty array of decisions to be made.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: ef38f94347e94562b5bb8424a56397d8
+ decision:
+ type: string
+ description: The decision to approve or revoke the review item
+ enum:
+ - APPROVE
+ - REVOKE
+ example: APPROVE
+ proposedEndDate:
+ type: string
+ format: date-time
+ description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions.
+ bulk:
+ type: boolean
+ description: Indicates whether decision should be marked as part of a larger bulk decision
+ example: true
+ recommendation:
+ nullable: true
+ type: object
+ properties:
+ recommendation:
+ type: string
+ description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made.
+ reasons:
+ type: array
+ items:
+ type: string
+ description: A list of reasons for the recommendation.
+ timestamp:
+ type: string
+ format: date-time
+ description: The time at which the recommendation was recorded.
+ example: '2020-06-01T13:49:37.385Z'
+ comments:
+ type: string
+ description: Comments recorded when the decision was made
+ example: This user no longer needs access to this source
+ required:
+ - id
+ - decision
+ - bulk
+ minItems: 1
+ maxItems: 250
+ example:
+ - id: ef38f94347e94562b5bb8424a56396b5
+ decision: APPROVE
+ bulk: true
+ comments: This user still needs access to this source.
+ - id: ef38f94347e94562b5bb8424a56397d8
+ decision: APPROVE
+ bulk: true
+ comments: This user still needs access to this source too.
+ responses:
+ '200':
+ description: An identity campaign certification object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/reassign':
+ post:
+ operationId: reassignIdentityCertifications
+ tags:
+ - Certifications
+ summary: Reassign Identities or Items
+ description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ reassign:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of item or identity being reassigned.
+ example: ef38f94347e94562b5bb8424a56397d8
+ type:
+ type: string
+ enum:
+ - TARGET_SUMMARY
+ - ITEM
+ - IDENTITY_SUMMARY
+ required:
+ - id
+ - type
+ reassignTo:
+ type: string
+ description: The ID of the identity to which the certification is reassigned
+ example: ef38f94347e94562b5bb8424a56397d8
+ reason:
+ type: string
+ description: The reason comment for why the reassign was made
+ example: reassigned for some reason
+ required:
+ - reassign
+ - reassignTo
+ - reason
+ responses:
+ '200':
+ description: An identity campaign certification details after completing the reassignment.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/sign-off':
+ post:
+ operationId: signOffIdentityCertification
+ tags:
+ - Certifications
+ summary: Finalize Identity Certification Decisions
+ description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An identity campaign certification object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/decision-summary':
+ get:
+ operationId: getIdentityDecisionSummary
+ tags:
+ - Certification Summaries
+ summary: Summary of Certification Decisions
+ description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki-API-Standard-Collection-Parameters/ta-p/156407)
+
+ Filtering is supported for the following fields and operators:
+
+ **identitySummary.id**: *eq, in*
+ responses:
+ '200':
+ description: Summary of the decisions made
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ entitlementDecisionsMade:
+ type: integer
+ description: Number of entitlement decisions that have been made
+ example: 3
+ accessProfileDecisionsMade:
+ type: integer
+ description: Number of access profile decisions that have been made
+ example: 5
+ roleDecisionsMade:
+ type: integer
+ description: Number of role decisions that have been made
+ example: 2
+ accountDecisionsMade:
+ type: integer
+ description: Number of account decisions that have been made
+ example: 4
+ entitlementDecisionsTotal:
+ type: integer
+ description: 'The total number of entitlement decisions on the certification, both complete and incomplete'
+ example: 6
+ accessProfileDecisionsTotal:
+ type: integer
+ description: 'The total number of access profile decisions on the certification, both complete and incomplete'
+ example: 10
+ roleDecisionsTotal:
+ type: integer
+ description: 'The total number of role decisions on the certification, both complete and incomplete'
+ example: 4
+ accountDecisionsTotal:
+ type: integer
+ description: 'The total number of account decisions on the certification, both complete and incomplete'
+ example: 8
+ entitlementsApproved:
+ type: integer
+ description: The number of entitlement decisions that have been made which were approved
+ example: 2
+ entitlementsRevoked:
+ type: integer
+ description: The number of entitlement decisions that have been made which were revoked
+ example: 1
+ accessProfilesApproved:
+ type: integer
+ description: The number of access profile decisions that have been made which were approved
+ example: 3
+ accessProfilesRevoked:
+ type: integer
+ description: The number of access profile decisions that have been made which were revoked
+ example: 2
+ rolesApproved:
+ type: integer
+ description: The number of role decisions that have been made which were approved
+ example: 2
+ rolesRevoked:
+ type: integer
+ description: The number of role decisions that have been made which were revoked
+ example: 0
+ accountsApproved:
+ type: integer
+ description: The number of account decisions that have been made which were approved
+ example: 1
+ accountsRevoked:
+ type: integer
+ description: The number of account decisions that have been made which were revoked
+ example: 3
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/identity-summaries':
+ get:
+ operationId: getIdentitySummaries
+ tags:
+ - Certification Summaries
+ summary: Identity Summaries for Identity Campaign Certification
+ description: This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **completed**: *eq, ne*
+
+ **name**: *eq, sw*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **name**
+ responses:
+ '200':
+ description: List of identity summaries
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the identity summary
+ example: 2c91808772a504f50172a9540e501ba7
+ name:
+ type: string
+ description: Name of the linked identity
+ example: Alison Ferguso
+ identityId:
+ type: string
+ description: The ID of the identity being certified
+ example: 2c9180857182306001719937377a33de
+ completed:
+ type: boolean
+ description: Indicates whether the review items for the linked identity's certification have been completed
+ example:
+ - id: 2c91808772a504f50172a9540e501ba7
+ name: Aaron Grey
+ identityId: 2c9180857182306001719937379633e4
+ completed: false
+ - id: 2c91808772a504f50172a9540e501ba8
+ name: Aglae Wilson
+ identityId: 2c9180857182306001719937377a33de
+ completed: true
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/access-summaries/{type}':
+ get:
+ operationId: getIdentityAccessSummaries
+ tags:
+ - Certification Summaries
+ summary: Access Summaries
+ description: This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: path
+ name: type
+ schema:
+ type: string
+ enum:
+ - ROLE
+ - ACCESS_PROFILE
+ - ENTITLEMENT
+ required: true
+ description: The type of access review item to retrieve summaries for
+ example: ACCESS_PROFILE
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki-API-Standard-Collection-Parameters/ta-p/156407)
+
+ Filtering is supported for the following fields and operators:
+
+ **completed**: *eq, ne*
+
+ **access.id**: *eq, in*
+
+ **access.name**: *eq, sw*
+
+ **entitlement.sourceName**: *eq, sw*
+
+ **accessProfile.sourceName**: *eq, sw*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **access.name**
+ responses:
+ '200':
+ description: List of access summaries
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: An object holding the access that is being reviewed
+ properties:
+ access:
+ type: object
+ properties:
+ type:
+ description: The type of item being certified
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: The ID of the item being certified
+ example: 2c9180867160846801719932c5153fb7
+ name:
+ type: string
+ description: The name of the item being certified
+ example: Entitlement for Company Database
+ entitlement:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ accessProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Access Profile
+ example: 2c91808a7190d06e01719938fcd20792
+ name:
+ type: string
+ description: Name of the Access Profile
+ example: Employee-database-read-write
+ description:
+ type: string
+ description: Information about the Access Profile
+ example: Collection of entitlements to read/write the employee database
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ endDate:
+ nullable: true
+ type: string
+ format: date-time
+ description: The date at which a user's access expires
+ example: '2021-12-25T00:00:00.000Z'
+ owner:
+ description: Owner of the Access Profile
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlements:
+ type: array
+ description: A list of entitlements associated with this Access Profile
+ items:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ created:
+ type: string
+ description: Date the Access Profile was created.
+ format: date-time
+ example: '2021-01-01T22:32:58.104Z'
+ modified:
+ type: string
+ description: Date the Access Profile was last modified.
+ format: date-time
+ example: '2021-02-01T22:32:58.104Z'
+ role:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the Role
+ example: 2c91808a7190d06e0171993907fd0794
+ name:
+ type: string
+ description: The name of the Role
+ example: Accounting-Employees
+ description:
+ type: string
+ description: Information about the Role
+ example: Role for members of the accounting department with the necessary Access Profiles
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ revocable:
+ type: boolean
+ description: Indicates whether the Role can be revoked or requested
+ endDate:
+ type: string
+ format: date-time
+ description: The date when a user's access expires.
+ example: '2021-12-25T00:00:00.000Z'
+ accessProfiles:
+ type: array
+ description: The list of Access Profiles associated with this Role
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Access Profile
+ example: 2c91808a7190d06e01719938fcd20792
+ name:
+ type: string
+ description: Name of the Access Profile
+ example: Employee-database-read-write
+ description:
+ type: string
+ description: Information about the Access Profile
+ example: Collection of entitlements to read/write the employee database
+ privileged:
+ type: boolean
+ description: Indicates if the entitlement is a privileged entitlement
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ endDate:
+ nullable: true
+ type: string
+ format: date-time
+ description: The date at which a user's access expires
+ example: '2021-12-25T00:00:00.000Z'
+ owner:
+ description: Owner of the Access Profile
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ entitlements:
+ type: array
+ description: A list of entitlements associated with this Access Profile
+ items:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: The id for the entitlement
+ example: 2c918085718230600171993742c63558
+ name:
+ type: string
+ description: The name of the entitlement
+ example: CN=entitlement.bbb7c650
+ description:
+ nullable: true
+ type: string
+ description: Information about the entitlement
+ example: Gives read/write access to the company database
+ privileged:
+ type: boolean
+ example: false
+ description: Indicates if the entitlement is a privileged entitlement
+ owner:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ attributeName:
+ type: string
+ description: The name of the attribute on the source
+ example: memberOf
+ attributeValue:
+ type: string
+ description: The value of the attribute on the source
+ example: CN=entitlement.bbb7c650
+ sourceSchemaObjectType:
+ type: string
+ description: The schema object type on the source used to represent the entitlement and its attributes
+ example: groups
+ sourceName:
+ type: string
+ description: The name of the source for which this entitlement belongs
+ example: ODS-AD-Source
+ sourceType:
+ type: string
+ description: The type of the source for which the entitlement belongs
+ example: Active Directory - Direct
+ hasPermissions:
+ type: boolean
+ description: Indicates if the entitlement has permissions
+ example: false
+ isPermission:
+ type: boolean
+ description: Indicates if the entitlement is a representation of an account permission
+ example: false
+ revocable:
+ type: boolean
+ description: Indicates whether the entitlement can be revoked
+ example: true
+ cloudGoverned:
+ type: boolean
+ description: True if the entitlement is cloud governed
+ account:
+ type: object
+ nullable: true
+ description: Information about the status of the entitlement
+ properties:
+ nativeIdentity:
+ type: string
+ description: The native identity for this account
+ example: CN=Alison Ferguso
+ disabled:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently disabled
+ locked:
+ type: boolean
+ example: false
+ description: Indicates whether this account is currently locked
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ nullable: true
+ type: string
+ description: The id associated with the account
+ example: 2c9180857182305e0171993737eb29e6
+ name:
+ nullable: true
+ type: string
+ created:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was created
+ example: '2020-04-20T20:11:05.067Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ description: When the account was last modified
+ example: '2020-05-20T18:57:16.987Z'
+ created:
+ type: string
+ description: Date the Access Profile was created.
+ format: date-time
+ example: '2021-01-01T22:32:58.104Z'
+ modified:
+ type: string
+ description: Date the Access Profile was last modified.
+ format: date-time
+ example: '2021-02-01T22:32:58.104Z'
+ example:
+ - access:
+ type: ENTITLEMENT
+ id: 2c9180857182305e01719937429e2bad
+ name: CN=Engineering
+ entitlement:
+ id: 2c9180857182305e01719937429e2bad
+ name: CN=Engineering
+ description: Access to the engineering database
+ privileged: false
+ owner:
+ email: brandon.gray@acme-solar.com
+ type: IDENTITY
+ id: 2c9180867160846801719932c5153fb7
+ name: Brandon Gray
+ attributeName: memberOf
+ attributeValue: CN=Engineering
+ sourceName: ODS-AD-Source
+ hasPermissions: true
+ revocable: true
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/certifications/{id}/identity-summary/{identitySummaryId}':
+ get:
+ operationId: getIdentitySummary
+ tags:
+ - Certification Summaries
+ summary: Summary for Identity
+ description: This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The identity campaign certification ID
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: path
+ name: identitySummaryId
+ schema:
+ type: string
+ required: true
+ description: The identity summary ID
+ example: 2c91808772a504f50172a9540e501ba8
+ responses:
+ '200':
+ description: An identity summary
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the identity summary
+ example: 2c91808772a504f50172a9540e501ba7
+ name:
+ type: string
+ description: Name of the linked identity
+ example: Alison Ferguso
+ identityId:
+ type: string
+ description: The ID of the identity being certified
+ example: 2c9180857182306001719937377a33de
+ completed:
+ type: boolean
+ description: Indicates whether the review items for the linked identity's certification have been completed
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/identities/{identity-id}/set-lifecycle-state':
+ post:
+ operationId: setLifecycleState
+ tags:
+ - Lifecycle States
+ summary: Set Lifecycle State
+ description: |-
+ This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile.
+ A token with ORG_ADMIN or API authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-lifecycle-state:update'
+ parameters:
+ - in: path
+ name: identity-id
+ description: The ID of the identity to update
+ required: true
+ example: 2c9180857893f1290178944561990364
+ schema:
+ type: string
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ lifecycleStateId:
+ type: string
+ description: The ID of the lifecycle state to set
+ example: 2c9180877a86e408017a8c19fefe046c
+ responses:
+ '200':
+ description: The request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ accountActivityId:
+ type: string
+ example: 2c9180837ab5b716017ab7c6c9ef1e20
+ description: The ID of the IdentityRequest object that was generated when the workflow launches
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/identity-profiles/{identity-profile-id}/lifecycle-states':
+ get:
+ operationId: listLifecycleStates
+ tags:
+ - Lifecycle States
+ summary: Lists LifecycleStates
+ description: |-
+ This end-point lists all the LifecycleStates associated with IdentityProfiles.
+ A token with API, or ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-lifecycle-state:read'
+ parameters:
+ - in: path
+ name: identity-profile-id
+ description: The IdentityProfile id
+ required: true
+ schema:
+ type: string
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **created, modified**
+ responses:
+ '200':
+ description: List of LifecycleState objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ required:
+ - technicalName
+ properties:
+ enabled:
+ type: boolean
+ example: true
+ description: Whether the lifecycle state is enabled or disabled.
+ technicalName:
+ type: string
+ example: Technical Name
+ description: The technical name for lifecycle state. This is for internal use.
+ description:
+ type: string
+ example: Lifecycle description
+ description: Lifecycle state description.
+ identityCount:
+ type: integer
+ format: int32
+ example: 42
+ readOnly: true
+ description: Number of identities that have the lifecycle state.
+ emailNotificationOption:
+ type: object
+ description: This is used for representing email configuration for a lifecycle state
+ properties:
+ notifyManagers:
+ type: boolean
+ example: true
+ description: 'If true, then the manager is notified of the lifecycle state change.'
+ notifyAllAdmins:
+ type: boolean
+ example: true
+ description: 'If true, then all the admins are notified of the lifecycle state change.'
+ notifySpecificUsers:
+ type: boolean
+ example: true
+ description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
+ emailAddressList:
+ type: array
+ example:
+ - test@test.com
+ - test2@test.com
+ items:
+ type: string
+ description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
+ accountActions:
+ type: array
+ items:
+ type: object
+ description: Object for specifying Actions to be performed on a specified list of sources' account.
+ properties:
+ action:
+ example: ENABLE
+ type: string
+ description: Describes if action will be enabled or disabled
+ enum:
+ - ENABLE
+ - DISABLE
+ sourceIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
+ accessProfileIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique access-profile IDs that are associated with the lifecycle state.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createLifecycleState
+ tags:
+ - Lifecycle States
+ summary: Create Lifecycle State
+ description: |-
+ This API creates a new Lifecycle State.
+ A token with ORG_ADMIN or API authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-lifecycle-state:create'
+ parameters:
+ - in: path
+ name: identity-profile-id
+ description: Identity Profile ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ description: Lifecycle State
+ required: true
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ required:
+ - technicalName
+ properties:
+ enabled:
+ type: boolean
+ example: true
+ description: Whether the lifecycle state is enabled or disabled.
+ technicalName:
+ type: string
+ example: Technical Name
+ description: The technical name for lifecycle state. This is for internal use.
+ description:
+ type: string
+ example: Lifecycle description
+ description: Lifecycle state description.
+ identityCount:
+ type: integer
+ format: int32
+ example: 42
+ readOnly: true
+ description: Number of identities that have the lifecycle state.
+ emailNotificationOption:
+ type: object
+ description: This is used for representing email configuration for a lifecycle state
+ properties:
+ notifyManagers:
+ type: boolean
+ example: true
+ description: 'If true, then the manager is notified of the lifecycle state change.'
+ notifyAllAdmins:
+ type: boolean
+ example: true
+ description: 'If true, then all the admins are notified of the lifecycle state change.'
+ notifySpecificUsers:
+ type: boolean
+ example: true
+ description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
+ emailAddressList:
+ type: array
+ example:
+ - test@test.com
+ - test2@test.com
+ items:
+ type: string
+ description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
+ accountActions:
+ type: array
+ items:
+ type: object
+ description: Object for specifying Actions to be performed on a specified list of sources' account.
+ properties:
+ action:
+ example: ENABLE
+ type: string
+ description: Describes if action will be enabled or disabled
+ enum:
+ - ENABLE
+ - DISABLE
+ sourceIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
+ accessProfileIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique access-profile IDs that are associated with the lifecycle state.
+ responses:
+ '201':
+ description: Created LifecycleState object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ required:
+ - technicalName
+ properties:
+ enabled:
+ type: boolean
+ example: true
+ description: Whether the lifecycle state is enabled or disabled.
+ technicalName:
+ type: string
+ example: Technical Name
+ description: The technical name for lifecycle state. This is for internal use.
+ description:
+ type: string
+ example: Lifecycle description
+ description: Lifecycle state description.
+ identityCount:
+ type: integer
+ format: int32
+ example: 42
+ readOnly: true
+ description: Number of identities that have the lifecycle state.
+ emailNotificationOption:
+ type: object
+ description: This is used for representing email configuration for a lifecycle state
+ properties:
+ notifyManagers:
+ type: boolean
+ example: true
+ description: 'If true, then the manager is notified of the lifecycle state change.'
+ notifyAllAdmins:
+ type: boolean
+ example: true
+ description: 'If true, then all the admins are notified of the lifecycle state change.'
+ notifySpecificUsers:
+ type: boolean
+ example: true
+ description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
+ emailAddressList:
+ type: array
+ example:
+ - test@test.com
+ - test2@test.com
+ items:
+ type: string
+ description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
+ accountActions:
+ type: array
+ items:
+ type: object
+ description: Object for specifying Actions to be performed on a specified list of sources' account.
+ properties:
+ action:
+ example: ENABLE
+ type: string
+ description: Describes if action will be enabled or disabled
+ enum:
+ - ENABLE
+ - DISABLE
+ sourceIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
+ accessProfileIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique access-profile IDs that are associated with the lifecycle state.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}':
+ get:
+ operationId: getLifecycleState
+ tags:
+ - Lifecycle States
+ summary: Retrieves Lifecycle State
+ description: |-
+ This endpoint retrieves a Lifecycle State.
+ A token with ORG_ADMIN or API authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-lifecycle-state:read'
+ parameters:
+ - in: path
+ name: identity-profile-id
+ description: Identity Profile ID
+ required: true
+ schema:
+ type: string
+ - in: path
+ name: lifecycle-state-id
+ description: Lifecycle State ID
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: The requested LifecycleState was successfully retrieved.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ required:
+ - technicalName
+ properties:
+ enabled:
+ type: boolean
+ example: true
+ description: Whether the lifecycle state is enabled or disabled.
+ technicalName:
+ type: string
+ example: Technical Name
+ description: The technical name for lifecycle state. This is for internal use.
+ description:
+ type: string
+ example: Lifecycle description
+ description: Lifecycle state description.
+ identityCount:
+ type: integer
+ format: int32
+ example: 42
+ readOnly: true
+ description: Number of identities that have the lifecycle state.
+ emailNotificationOption:
+ type: object
+ description: This is used for representing email configuration for a lifecycle state
+ properties:
+ notifyManagers:
+ type: boolean
+ example: true
+ description: 'If true, then the manager is notified of the lifecycle state change.'
+ notifyAllAdmins:
+ type: boolean
+ example: true
+ description: 'If true, then all the admins are notified of the lifecycle state change.'
+ notifySpecificUsers:
+ type: boolean
+ example: true
+ description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
+ emailAddressList:
+ type: array
+ example:
+ - test@test.com
+ - test2@test.com
+ items:
+ type: string
+ description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
+ accountActions:
+ type: array
+ items:
+ type: object
+ description: Object for specifying Actions to be performed on a specified list of sources' account.
+ properties:
+ action:
+ example: ENABLE
+ type: string
+ description: Describes if action will be enabled or disabled
+ enum:
+ - ENABLE
+ - DISABLE
+ sourceIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
+ accessProfileIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique access-profile IDs that are associated with the lifecycle state.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: updateLifecycleStates
+ tags:
+ - Lifecycle States
+ summary: Update Lifecycle State
+ description: |-
+ This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+ A token with ORG_ADMIN or API authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-lifecycle-state:update'
+ parameters:
+ - in: path
+ name: identity-profile-id
+ description: Identity Profile ID
+ required: true
+ schema:
+ type: string
+ - in: path
+ name: lifecycle-state-id
+ description: Lifecycle State ID
+ required: true
+ schema:
+ type: string
+ requestBody:
+ required: true
+ description: |
+ A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ The following fields can be updated:
+ * enabled
+ * description
+ * accountActions
+ * accessProfileIds
+ * emailNotificationOption
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example:
+ - op: replace
+ path: /description
+ value: Updated description!
+ - op: replace
+ path: /accessProfileIds
+ value:
+ - 2c918087742bab150174407a80f3125e
+ - 2c918087742bab150174407a80f3124f
+ - op: replace
+ path: /accountActions
+ value:
+ - action: ENABLE
+ sourceIds:
+ - 2c9180846a2f82fb016a481c1b1560c5
+ - 2c9180846a2f82fb016a481c1b1560cc
+ - action: DISABLE
+ sourceIds:
+ - 2c91808869a0c9980169a207258513fb
+ - op: replace
+ path: /emailNotificationOption
+ value:
+ notifyManagers: true
+ notifyAllAdmins: false
+ notifySpecificUsers: false
+ emailAddressList: []
+ responses:
+ '200':
+ description: The LifecycleState was successfully updated.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ required:
+ - technicalName
+ properties:
+ enabled:
+ type: boolean
+ example: true
+ description: Whether the lifecycle state is enabled or disabled.
+ technicalName:
+ type: string
+ example: Technical Name
+ description: The technical name for lifecycle state. This is for internal use.
+ description:
+ type: string
+ example: Lifecycle description
+ description: Lifecycle state description.
+ identityCount:
+ type: integer
+ format: int32
+ example: 42
+ readOnly: true
+ description: Number of identities that have the lifecycle state.
+ emailNotificationOption:
+ type: object
+ description: This is used for representing email configuration for a lifecycle state
+ properties:
+ notifyManagers:
+ type: boolean
+ example: true
+ description: 'If true, then the manager is notified of the lifecycle state change.'
+ notifyAllAdmins:
+ type: boolean
+ example: true
+ description: 'If true, then all the admins are notified of the lifecycle state change.'
+ notifySpecificUsers:
+ type: boolean
+ example: true
+ description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.'
+ emailAddressList:
+ type: array
+ example:
+ - test@test.com
+ - test2@test.com
+ items:
+ type: string
+ description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.'
+ accountActions:
+ type: array
+ items:
+ type: object
+ description: Object for specifying Actions to be performed on a specified list of sources' account.
+ properties:
+ action:
+ example: ENABLE
+ type: string
+ description: Describes if action will be enabled or disabled
+ enum:
+ - ENABLE
+ - DISABLE
+ sourceIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features.
+ accessProfileIds:
+ type: array
+ items:
+ type: string
+ uniqueItems: true
+ example:
+ - 2c918084660f45d6016617daa9210584
+ - 2c918084660f45d6016617daa9210500
+ description: List of unique access-profile IDs that are associated with the lifecycle state.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteLifecycleState
+ tags:
+ - Lifecycle States
+ summary: Delete Lifecycle State by ID
+ description: |-
+ This endpoint deletes the Lifecycle State using it's ID.
+ A token with API, or ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-lifecycle-state:delete'
+ parameters:
+ - in: path
+ name: identity-profile-id
+ description: Identity Profile ID
+ required: true
+ schema:
+ type: string
+ - in: path
+ name: lifecycle-state-id
+ description: Lifecycle State ID
+ required: true
+ schema:
+ type: string
+ responses:
+ '202':
+ description: The request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /identity-profiles:
+ get:
+ operationId: listIdentityProfiles
+ tags:
+ - Identity Profiles
+ summary: Identity Profiles List
+ description: |-
+ This returns a list of Identity Profiles based on the specified query parameters.
+ A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, ne*
+
+ **name**: *eq, ne*
+
+ **priority**: *eq, ne*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **id**, **name**, **priority**
+ responses:
+ '200':
+ description: List of identityProfiles.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ - type: object
+ properties:
+ description:
+ type: string
+ description: The description of the Identity Profile.
+ example: My custom flat file profile
+ owner:
+ description: The owner of the Identity Profile.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ priority:
+ type: integer
+ format: int64
+ description: The priority for an Identity Profile.
+ example: 10
+ authoritativeSource:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - SOURCE
+ description: Type of the object to which this reference applies
+ example: SOURCE
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c9180835d191a86015d28455b4b232a
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: HR Active Directory
+ identityRefreshRequired:
+ type: boolean
+ description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
+ example: true
+ identityCount:
+ type: integer
+ description: The number of identities that belong to the Identity Profile.
+ format: int32
+ example: 8
+ identityAttributeConfig:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ identityExceptionReportReference:
+ type: object
+ properties:
+ taskResultId:
+ type: string
+ format: uuid
+ description: The id of the task result.
+ example: 2c918086795cd09201795d5f7d7533df
+ reportName:
+ type: string
+ example: My annual report
+ description: The name of the report.
+ hasTimeBasedAttr:
+ description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
+ type: boolean
+ example: true
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:identity-profile:read'
+ /identity-profiles/export:
+ get:
+ operationId: exportIdentityProfiles
+ tags:
+ - Identity Profiles
+ summary: Export Identity Profiles
+ description: This exports existing identity profiles in the format specified by the sp-config service.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, ne*
+
+ **name**: *eq, ne*
+
+ **priority**: *eq, ne*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **id**, **name**, **priority**
+ responses:
+ '200':
+ description: List of export objects with identity profiles.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: Identity Profile exported object
+ properties:
+ version:
+ type: integer
+ example: 1
+ description: Version or object from the target service.
+ self:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ object:
+ allOf:
+ - type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ - type: object
+ properties:
+ description:
+ type: string
+ description: The description of the Identity Profile.
+ example: My custom flat file profile
+ owner:
+ description: The owner of the Identity Profile.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ priority:
+ type: integer
+ format: int64
+ description: The priority for an Identity Profile.
+ example: 10
+ authoritativeSource:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - SOURCE
+ description: Type of the object to which this reference applies
+ example: SOURCE
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c9180835d191a86015d28455b4b232a
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: HR Active Directory
+ identityRefreshRequired:
+ type: boolean
+ description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
+ example: true
+ identityCount:
+ type: integer
+ description: The number of identities that belong to the Identity Profile.
+ format: int32
+ example: 8
+ identityAttributeConfig:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ identityExceptionReportReference:
+ type: object
+ properties:
+ taskResultId:
+ type: string
+ format: uuid
+ description: The id of the task result.
+ example: 2c918086795cd09201795d5f7d7533df
+ reportName:
+ type: string
+ example: My annual report
+ description: The name of the report.
+ hasTimeBasedAttr:
+ description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
+ type: boolean
+ example: true
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:identity-profile:read'
+ /identity-profiles/import:
+ post:
+ operationId: importIdentityProfiles
+ summary: Import Identity Profiles
+ description: This imports previously exported identity profiles.
+ tags:
+ - Identity Profiles
+ requestBody:
+ description: Previously exported Identity Profiles.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: Identity Profile exported object
+ properties:
+ version:
+ type: integer
+ example: 1
+ description: Version or object from the target service.
+ self:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ object:
+ allOf:
+ - type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ - type: object
+ properties:
+ description:
+ type: string
+ description: The description of the Identity Profile.
+ example: My custom flat file profile
+ owner:
+ description: The owner of the Identity Profile.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ priority:
+ type: integer
+ format: int64
+ description: The priority for an Identity Profile.
+ example: 10
+ authoritativeSource:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - SOURCE
+ description: Type of the object to which this reference applies
+ example: SOURCE
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c9180835d191a86015d28455b4b232a
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: HR Active Directory
+ identityRefreshRequired:
+ type: boolean
+ description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
+ example: true
+ identityCount:
+ type: integer
+ description: The number of identities that belong to the Identity Profile.
+ format: int32
+ example: 8
+ identityAttributeConfig:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ identityExceptionReportReference:
+ type: object
+ properties:
+ taskResultId:
+ type: string
+ format: uuid
+ description: The id of the task result.
+ example: 2c918086795cd09201795d5f7d7533df
+ reportName:
+ type: string
+ example: My annual report
+ description: The name of the report.
+ hasTimeBasedAttr:
+ description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
+ type: boolean
+ example: true
+ responses:
+ '200':
+ description: The result of importing Identity Profiles.
+ content:
+ application/json:
+ schema:
+ type: object
+ title: Import Object Response Body
+ description: Response model for import of a single object.
+ properties:
+ infos:
+ description: Informational messages returned from the target service on import.
+ type: array
+ items:
+ type: object
+ title: Config Import/Export Message
+ description: Message model for Config Import/Export.
+ properties:
+ key:
+ type: string
+ description: Message key.
+ example: UNKNOWN_REFERENCE_RESOLVER
+ text:
+ type: string
+ description: Message text.
+ example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
+ details:
+ type: object
+ description: 'Message details if any, in key:value pairs.'
+ additionalProperties:
+ type: object
+ example:
+ details: message details
+ required:
+ - key
+ - text
+ - details
+ warnings:
+ description: Warning messages returned from the target service on import.
+ type: array
+ items:
+ type: object
+ title: Config Import/Export Message
+ description: Message model for Config Import/Export.
+ properties:
+ key:
+ type: string
+ description: Message key.
+ example: UNKNOWN_REFERENCE_RESOLVER
+ text:
+ type: string
+ description: Message text.
+ example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
+ details:
+ type: object
+ description: 'Message details if any, in key:value pairs.'
+ additionalProperties:
+ type: object
+ example:
+ details: message details
+ required:
+ - key
+ - text
+ - details
+ errors:
+ description: Error messages returned from the target service on import.
+ type: array
+ items:
+ type: object
+ title: Config Import/Export Message
+ description: Message model for Config Import/Export.
+ properties:
+ key:
+ type: string
+ description: Message key.
+ example: UNKNOWN_REFERENCE_RESOLVER
+ text:
+ type: string
+ description: Message text.
+ example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]'
+ details:
+ type: object
+ description: 'Message details if any, in key:value pairs.'
+ additionalProperties:
+ type: object
+ example:
+ details: message details
+ required:
+ - key
+ - text
+ - details
+ importedObjects:
+ description: References to objects that were created or updated by the import.
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ required:
+ - infos
+ - warnings
+ - errors
+ - importedObjects
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:identity-profile:create'
+ '/identity-profiles/{identity-profile-id}':
+ get:
+ operationId: getIdentityProfile
+ tags:
+ - Identity Profiles
+ summary: Get single Identity Profile
+ description: |-
+ This returns a single Identity Profile based on ID.
+ A token with ORG_ADMIN or API authority is required to call this API.
+ parameters:
+ - in: path
+ name: identity-profile-id
+ schema:
+ type: string
+ format: uuid
+ required: true
+ description: The Identity Profile ID.
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An Identity Profile object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ - type: object
+ properties:
+ description:
+ type: string
+ description: The description of the Identity Profile.
+ example: My custom flat file profile
+ owner:
+ description: The owner of the Identity Profile.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ priority:
+ type: integer
+ format: int64
+ description: The priority for an Identity Profile.
+ example: 10
+ authoritativeSource:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - SOURCE
+ description: Type of the object to which this reference applies
+ example: SOURCE
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c9180835d191a86015d28455b4b232a
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: HR Active Directory
+ identityRefreshRequired:
+ type: boolean
+ description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
+ example: true
+ identityCount:
+ type: integer
+ description: The number of identities that belong to the Identity Profile.
+ format: int32
+ example: 8
+ identityAttributeConfig:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ identityExceptionReportReference:
+ type: object
+ properties:
+ taskResultId:
+ type: string
+ format: uuid
+ description: The id of the task result.
+ example: 2c918086795cd09201795d5f7d7533df
+ reportName:
+ type: string
+ example: My annual report
+ description: The name of the report.
+ hasTimeBasedAttr:
+ description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
+ type: boolean
+ example: true
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:identity-profile:read'
+ '/identity-profiles/{identity-profile-id}/default-identity-attribute-config':
+ get:
+ operationId: getDefaultIdentityAttributeConfig
+ tags:
+ - Identity Profiles
+ summary: Get default Identity Attribute Config
+ description: |-
+ This returns the default identity attribute config.
+ A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.
+ parameters:
+ - in: path
+ name: identity-profile-id
+ schema:
+ type: string
+ format: uuid
+ required: true
+ description: The Identity Profile ID.
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: An Identity Attribute Config object.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:identity-profile-default-mapping:read'
+ /non-employee-records:
+ post:
+ operationId: nonEmployeeRecordCreation
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Create Non-Employee Record
+ description: |-
+ This request will create a non-employee record.
+ Requires role context of `idn:nesr:create`
+ requestBody:
+ description: Non-Employee record creation request body.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ required:
+ - accountName
+ - firstName
+ - lastName
+ - email
+ - phone
+ - manager
+ - sourceId
+ - startDate
+ - endDate
+ responses:
+ '200':
+ description: Created non-employee record.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee record id.
+ accountName:
+ type: string
+ description: Requested identity account name.
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2019-08-23T18:52:59.162Z'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2020-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ get:
+ operationId: nonEmployeeRecordList
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: List Non-Employee Records
+ description: |-
+ This gets a list of non-employee records.
There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.
+ 2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: sorters
+ required: false
+ schema:
+ type: string
+ format: comma-separated
+ example: 'accountName,sourceId'
+ description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**'
+ - in: query
+ name: filters
+ required: false
+ schema:
+ type: string
+ example: sourceId eq "2c91808568c529c60168cca6f90c1313"
+ description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"'
+ responses:
+ '200':
+ description: Non-Employee record objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee record id.
+ accountName:
+ type: string
+ description: Requested identity account name.
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2019-08-23T18:52:59.162Z'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2020-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-records/{id}':
+ get:
+ operationId: nonEmployeeRecordGet
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get a Non-Employee Record
+ description: |-
+ This gets a non-employee record.
+ Requires role context of `idn:nesr:read`
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee record id (UUID)
+ required: true
+ example: ef38f94347e94562b5bb8424a56397d8
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Non-Employee record object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee record id.
+ accountName:
+ type: string
+ description: Requested identity account name.
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2019-08-23T18:52:59.162Z'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2020-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: nonEmployeeRecordUpdate
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Update Non-Employee Record
+ description: |-
+ This request will update a non-employee record.
There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields.
+ 2. The user is owner of the source, in this case they can only update the end date.
+ parameters:
+ - in: path
+ name: id
+ description: Non-employee record id (UUID)
+ example: ef38f94347e94562b5bb8424a56397d8
+ required: true
+ schema:
+ type: string
+ requestBody:
+ description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ required:
+ - accountName
+ - firstName
+ - lastName
+ - email
+ - phone
+ - manager
+ - sourceId
+ - startDate
+ - endDate
+ responses:
+ '200':
+ description: An updated non-employee record.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee record id.
+ accountName:
+ type: string
+ description: Requested identity account name.
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2019-08-23T18:52:59.162Z'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2020-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: nonEmployeeRecordPatch
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Patch Non-Employee Record
+ description: |-
+ This request will patch a non-employee record.
There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields.
+ 2. The user is owner of the source, in this case they can only update the end date.
+ parameters:
+ - in: path
+ name: id
+ description: Non-employee record id (UUID)
+ example: ef38f94347e94562b5bb8424a56397d8
+ required: true
+ schema:
+ type: string
+ requestBody:
+ description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.'
+ required: true
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example:
+ - op: replace
+ path: /endDate
+ value: '2019-08-23T18:40:35.772Z'
+ responses:
+ '200':
+ description: A patched non-employee record.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee record id.
+ accountName:
+ type: string
+ description: Requested identity account name.
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2019-08-23T18:52:59.162Z'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2020-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: nonEmployeeRecordDelete
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete Non-Employee Record
+ description: |-
+ This request will delete a non-employee record.
+ Requires role context of `idn:nesr:delete`
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee record id (UUID)
+ example: ef38f94347e94562b5bb8424a56397d8
+ required: true
+ schema:
+ type: string
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /non-employee-records/bulk-delete:
+ post:
+ operationId: nonEmployeeRecordBulkDelete
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete Multiple Non-Employee Records
+ description: 'This request will delete multiple non-employee records based on the non-employee ids provided.
Requires role context of `idn:nesr:delete`'
+ requestBody:
+ description: Non-Employee bulk delete request body.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ ids:
+ description: List of non-employee ids.
+ type: array
+ items:
+ type: string
+ format: uuid
+ required:
+ - ids
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /non-employee-requests:
+ post:
+ operationId: nonEmployeeRequestCreation
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Create Non-Employee Request
+ description: 'This request will create a non-employee request and notify the approver.
Requires role context of `idn:nesr:create` or the user must own the source.'
+ requestBody:
+ description: Non-Employee creation request body
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ sourceId:
+ type: string
+ description: Non-Employee's source id.
+ example: 2c91808568c529c60168cca6f90c1313
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ required:
+ - accountName
+ - firstName
+ - lastName
+ - email
+ - phone
+ - manager
+ - sourceId
+ - startDate
+ - endDate
+ responses:
+ '200':
+ description: Non-Employee request creation object
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ nonEmployeeSource:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ approvalItems:
+ description: List of approval item for the request
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ comment:
+ type: string
+ description: comment of requester
+ completionDate:
+ type: string
+ format: date-time
+ description: When the request was completely approved.
+ example: '2020-03-24T11:11:41.139-05:00'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2020-03-24T11:11:41.139-05:00'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2020-03-24T11:11:41.139-05:00'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ 400.1 Bad Request Content:
+ description: Response for bad request content
+ value:
+ detailCode: 400.1 Bad Request Content
+ trackingId: e7eab60924f64aa284175b9fa3309599
+ messages:
+ - locale: en
+ localeOrigin: REQUEST
+ text: firstName is required; accountName is required;
+ 400.1.409 Reference conflict:
+ description: Response for reference conflict
+ value:
+ detailCode: 400.1.409 Reference conflict
+ trackingId: e7eab60924f64aa284175b9fa3309599
+ messages:
+ - locale: en
+ localeOrigin: REQUEST
+ text: Unable to create Non-Employee because the accountName "existed" is already being used.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ get:
+ operationId: nonEmployeeRequestList
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: List Non-Employee Requests
+ description: |-
+ This gets a list of non-employee requests.
There are two contextual uses for the `requested-for` path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id.
+ 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: requested-for
+ required: true
+ schema:
+ type: string
+ example: me
+ description: The identity for whom the request was made. *me* indicates the current user.
+ - in: query
+ name: sorters
+ required: false
+ schema:
+ type: string
+ format: comma-separated
+ example: 'created,approvalStatus'
+ description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**'
+ - in: query
+ name: filters
+ required: false
+ schema:
+ type: string
+ example: sourceId eq "2c91808568c529c60168cca6f90c1313"
+ description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**sourceId**: *eq*
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"'
+ responses:
+ '200':
+ description: List of non-employee request objects.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ nonEmployeeSource:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ approvalItems:
+ description: List of approval item for the request
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ comment:
+ type: string
+ description: comment of requester
+ completionDate:
+ type: string
+ format: date-time
+ description: When the request was completely approved.
+ example: '2020-03-24T11:11:41.139-05:00'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2020-03-24T11:11:41.139-05:00'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2020-03-24T11:11:41.139-05:00'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-requests/{id}':
+ get:
+ operationId: nonEmployeeRequestGet
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get a Non-Employee Request
+ description: |-
+ This gets a non-employee request.
+ There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:read`, in this case the user can get the non-employee request for any user.
+ 2. The user must be the owner of the non-employee request.
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee request id (UUID)
+ example: ef38f94347e94562b5bb8424a56397d8
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Non-Employee request object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ nonEmployeeSource:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ approvalItems:
+ description: List of approval item for the request
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ comment:
+ type: string
+ description: comment of requester
+ completionDate:
+ type: string
+ format: date-time
+ description: When the request was completely approved.
+ example: '2020-03-24T11:11:41.139-05:00'
+ startDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment start date.
+ example: '2020-03-24T00:00:00-05:00'
+ endDate:
+ type: string
+ format: date-time
+ description: Non-Employee employment end date.
+ example: '2021-03-25T00:00:00-05:00'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2020-03-24T11:11:41.139-05:00'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2020-03-24T11:11:41.139-05:00'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: nonEmployeeRequestDeletion
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete Non-Employee Request
+ description: |-
+ This request will delete a non-employee request.
+ Requires role context of `idn:nesr:delete`
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee request id in the UUID format
+ required: true
+ schema:
+ type: string
+ format: uuid
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-requests/summary/{requested-for}':
+ get:
+ operationId: nonEmployeeRequestSummaryGet
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get Summary of Non-Employee Requests
+ description: |-
+ This request will retrieve a summary of non-employee requests.
There are two contextual uses for the `requested-for` path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.
+ 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.
+ parameters:
+ - in: path
+ name: requested-for
+ description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
+ required: true
+ schema:
+ type: string
+ format: uuid (if user is Org Admin)
+ responses:
+ '200':
+ description: Non-Employee request summary object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ approved:
+ type: number
+ description: The number of approved non-employee requests on all sources that *requested-for* user manages.
+ rejected:
+ type: number
+ description: The number of rejected non-employee requests on all sources that *requested-for* user manages.
+ pending:
+ type: number
+ description: The number of pending non-employee requests on all sources that *requested-for* user manages.
+ nonEmployeeCount:
+ type: number
+ description: The number of non-employee records on all sources that *requested-for* user manages.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /non-employee-sources:
+ post:
+ operationId: nonEmployeeSourcesCreation
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Create Non-Employee Source
+ description: 'This request will create a non-employee source.
Requires role context of `idn:nesr:create`'
+ requestBody:
+ description: Non-Employee source creation request body.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ name:
+ type: string
+ description: Name of non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Description of non-employee source.
+ example: Source description
+ owner:
+ description: Owner of non-employee source.
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Identity id.
+ example: 2c91808570313110017040b06f344ec9
+ required:
+ - id
+ managementWorkgroup:
+ type: string
+ description: The ID for the management workgroup that contains source sub-admins
+ example: '123299'
+ approvers:
+ description: List of approvers.
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Identity id.
+ example: 2c91808570313110017040b06f344ec9
+ required:
+ - id
+ maxItems: 3
+ accountManagers:
+ description: List of account managers.
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Identity id.
+ example: 2c91808570313110017040b06f344ec9
+ required:
+ - id
+ maxItems: 10
+ required:
+ - owner
+ - name
+ - description
+ responses:
+ '200':
+ description: Created non-employee source.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ approvers:
+ description: List of approvers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountManagers:
+ description: List of account managers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ cloudExternalId:
+ type: string
+ description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present.
+ example: '99999'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ get:
+ operationId: nonEmployeeSourcesList
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: List Non-Employee Sources
+ description: |-
+ This gets a list of non-employee sources.
There are two contextual uses for the requested-for path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list sources assigned to a particular account manager by passing in that manager's id.
+ 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: requested-for
+ required: true
+ schema:
+ type: string
+ example: me
+ description: The identity for whom the request was made. *me* indicates the current user.
+ - in: query
+ name: non-employee-count
+ required: false
+ example: true
+ schema:
+ type: boolean
+ description: The flag to determine whether return a non-employee count associate with source.
+ - in: query
+ name: sorters
+ required: false
+ schema:
+ type: string
+ format: comma-separated
+ example: 'name,created'
+ description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **name, created**'
+ responses:
+ '200':
+ description: List of non-employee sources objects.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ approvers:
+ description: List of approvers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountManagers:
+ description: List of account managers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ nonEmployeeCount:
+ type: number
+ description: Number of non-employee records associated with this source.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{sourceId}':
+ get:
+ operationId: nonEmployeeSourceGet
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get a Non-Employee Source
+ description: |-
+ This gets a non-employee source.
There are two contextual uses for the requested-for path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or she may request any source.
+ 2. The current user is an account manager, in which case the user can only request sources that they own.
+ parameters:
+ - in: path
+ name: sourceId
+ description: Source Id
+ example: 2c91808b7c28b350017c2a2ec5790aa1
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Non-Employee source object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ approvers:
+ description: List of approvers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountManagers:
+ description: List of account managers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: nonEmployeeSourcePatch
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Patch a Non-Employee Source
+ description: 'patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers**
Requires role context of `idn:nesr:update`.'
+ parameters:
+ - in: path
+ name: sourceId
+ description: Source Id
+ required: true
+ schema:
+ type: string
+ requestBody:
+ description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.'
+ required: true
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example:
+ - op: replace
+ path: /name
+ value:
+ new name: null
+ - op: replace
+ path: /approvers
+ value:
+ - 2c91809f703bb37a017040a2fe8748c7
+ - 48b1f463c9e8427db5a5071bd81914b8
+ responses:
+ '200':
+ description: A patched non-employee source object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ approvers:
+ description: List of approvers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountManagers:
+ description: List of account managers
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: nonEmployeeSourceDelete
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete Non-Employee Source
+ description: 'This request will delete a non-employee source.
Requires role context of `idn:nesr:delete`.'
+ parameters:
+ - in: path
+ name: sourceId
+ description: Source Id
+ required: true
+ schema:
+ type: string
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{id}/non-employees/download':
+ get:
+ operationId: nonEmployeeRecordsExport
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Exports Non-Employee Records to CSV
+ description: 'This requests a CSV download for all non-employees from a provided source.
Requires role context of `idn:nesr:read`'
+ parameters:
+ - in: path
+ name: id
+ description: Source Id (UUID)
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Exported CSV
+ content:
+ text/csv:
+ example: |
+ accountName,firstName,lastName,phone,email,manager,startDate,endDate
+ Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
+ William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{id}/non-employee-bulk-upload':
+ post:
+ operationId: nonEmployeeRecordsBulkUpload
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: 'Imports, or Updates, Non-Employee Records'
+ description: 'This post will import, or update, Non-Employee records found in the CSV.
Requires role context of `idn:nesr:create`'
+ parameters:
+ - in: path
+ name: id
+ description: Source Id (UUID)
+ required: true
+ schema:
+ type: string
+ requestBody:
+ description: The form-data "name" attribute for the file content must be "data". See the schema specification.
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ data:
+ type: string
+ format: base64
+ required:
+ - data
+ example:
+ data: 'accountName,firstName,lastName,phone,email,manager,startDate,endDate Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00, 2020-08-07T19:00:00-10:00 William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00, 2020-08-07T19:00:00-10:00'
+ responses:
+ '202':
+ description: The CSV was accepted to be bulk inserted now or at a later time.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The bulk upload job's ID. (UUID)
+ example: 2c91808568c529c60168cca6f90cffff
+ sourceId:
+ type: string
+ description: The ID of the source to bulk-upload non-employees to. (UUID)
+ example: 2c91808568c529c60168cca6f90c1313
+ created:
+ type: string
+ format: date-time
+ description: The date-time the job was submitted.
+ example: '2019-08-23T18:52:59.162Z'
+ modified:
+ type: string
+ format: date-time
+ description: The date-time that the job was last updated.
+ example: '2019-08-23T18:52:59.162Z'
+ status:
+ type: string
+ enum:
+ - PENDING
+ - IN_PROGRESS
+ - COMPLETED
+ - ERROR
+ description: |
+ Returns the following values indicating the progress or result of the bulk upload job.
+ "PENDING" means the job is queued and waiting to be processed.
+ "IN_PROGRESS" means the job is currently being processed.
+ "COMPLETED" means the job has been completed without any errors.
+ "ERROR" means the job failed to process with errors.
+ example: PENDING
+ '400':
+ description: |
+ Client Error - Returned if the request body is invalid.
+ The response body will contain the list of specific errors with one on each line.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{id}/non-employee-bulk-upload/status':
+ get:
+ operationId: nonEmployeeBulkUploadStatus
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Obtain the status of bulk upload on the source
+ description: |
+ The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
+ Requires role context of `idn:nesr:read`
+ parameters:
+ - in: path
+ name: id
+ description: Source ID (UUID)
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: 'Status of the newest bulk-upload job, if any.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ status:
+ type: string
+ enum:
+ - PENDING
+ - IN_PROGRESS
+ - COMPLETED
+ - ERROR
+ description: |
+ Returns the following values indicating the progress or result of the bulk upload job.
+ "PENDING" means the job is queued and waiting to be processed.
+ "IN_PROGRESS" means the job is currently being processed.
+ "COMPLETED" means the job has been completed without any errors.
+ "ERROR" means the job failed to process with errors.
+ null means job has been submitted to the source.
+ example: PENDING
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{id}/schema-attributes-template/download':
+ get:
+ operationId: nonEmployeeExportSourceSchemaTemplate
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Exports Source Schema Template
+ description: 'This requests a download for the Source Schema Template for a provided source.
Requires role context of `idn:nesr:read`'
+ parameters:
+ - in: path
+ name: id
+ description: Source Id (UUID)
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Exported Source Schema Template
+ content:
+ text/csv:
+ example: |
+ accountName,firstName,lastName,phone,email,manager,startDate,endDate
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /non-employee-approvals:
+ get:
+ operationId: nonEmployeeApprovalList
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get List of Non-Employee Approval Requests
+ description: |-
+ This gets a list of non-employee approval requests.
+ There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:read`, in which case they can list the approvals for any approver.
+ 2. The user owns the requested approval.
+ parameters:
+ - in: query
+ name: requested-for
+ schema:
+ type: string
+ description: The identity for whom the request was made. *me* indicates the current user.
+ required: false
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq*
*Example:* approvalStatus eq "PENDING"'
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, modified**'
+ responses:
+ '200':
+ description: List of approval items.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ nonEmployeeRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee request id.
+ requester:
+ example:
+ type: IDENTITY
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: William Smith
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-approvals/{id}':
+ get:
+ operationId: nonEmployeeApprovalGet
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get a non-employee approval item detail
+ description: |-
+ Gets a non-employee approval item detail.
There are two contextual uses for this endpoint:
+ 1. The user has the role context of `idn:nesr:read`, in which case they can get any approval.
+ 2. The user owns the requested approval.
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee approval item id (UUID)
+ required: true
+ schema:
+ type: string
+ - in: query
+ name: include-detail
+ description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*
+ required: false
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Non-Employee approval item object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ nonEmployeeRequest:
+ description: Non-Employee request associated to this approval
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee request id.
+ requester:
+ example:
+ type: IDENTITY
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: William Smith
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ - type: object
+ properties:
+ accountName:
+ type: string
+ description: Requested identity account name.
+ example: william.smith
+ firstName:
+ type: string
+ description: Non-Employee's first name.
+ example: William
+ lastName:
+ type: string
+ description: Non-Employee's last name.
+ example: Smith
+ email:
+ type: string
+ description: Non-Employee's email.
+ example: william.smith@example.com
+ phone:
+ type: string
+ description: Non-Employee's phone.
+ example: '5555555555'
+ manager:
+ type: string
+ description: The account ID of a valid identity to serve as this non-employee's manager.
+ example: jane.doe
+ nonEmployeeSource:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee source id.
+ example: a0303682-5e4a-44f7-bdc2-6ce6112549c1
+ sourceId:
+ type: string
+ description: Source Id associated with this non-employee source.
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Source name associated with this non-employee source.
+ example: Retail
+ description:
+ type: string
+ description: Source description associated with this non-employee source.
+ example: Source description
+ - type: object
+ properties:
+ schemaAttributes:
+ description: List of schema attributes associated with this non-employee source.
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ example: ac110005-7156-1150-8171-5b292e3e0084
+ description: Schema Attribute Id
+ system:
+ type: boolean
+ description: True if this schema attribute is mandatory on all non-employees sources.
+ example: true
+ modified:
+ type: string
+ format: date-time
+ description: When the schema attribute was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the schema attribute was created.
+ example: '2019-08-23T18:40:35.772Z'
+ type:
+ type: string
+ enum:
+ - TEXT
+ - DATE
+ - IDENTITY
+ description: Enum representing the type of data a schema attribute accepts.
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ data:
+ type: object
+ additionalProperties:
+ type: string
+ description: Attribute blob/bag for a non-employee.
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ comment:
+ type: string
+ description: comment of requester
+ completionDate:
+ type: string
+ format: date-time
+ description: When the request was completely approved.
+ example: '2020-03-24T11:11:41.139-05:00'
+ startDate:
+ type: string
+ format: date
+ description: Non-Employee employment start date.
+ example: '2020-03-24'
+ endDate:
+ type: string
+ format: date
+ description: Non-Employee employment end date.
+ example: '2021-03-25'
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2020-03-24T11:11:41.139-05:00'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2020-03-24T11:11:41.139-05:00'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-approvals/{id}/approve':
+ post:
+ operationId: nonEmployeeApproveRequest
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Approve a Non-Employee Request
+ description: Approves a non-employee approval request and notifies the next approver.
The current user must be the requested approver.
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee approval item id (UUID)
+ required: true
+ schema:
+ type: string
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Comment on the approval item.
+ maxLength: 4000
+ responses:
+ '200':
+ description: Non-Employee approval item object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ nonEmployeeRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee request id.
+ requester:
+ example:
+ type: IDENTITY
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: William Smith
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-approvals/{id}/reject':
+ post:
+ operationId: nonEmployeeRejectRequest
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Reject a Non-Employee Request
+ description: This endpoint will reject an approval item request and notify user.
The current user must be the requested approver.
+ parameters:
+ - in: path
+ name: id
+ description: Non-Employee approval item id (UUID)
+ required: true
+ schema:
+ type: string
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ comment:
+ type: string
+ description: Comment on the approval item.
+ maxLength: 4000
+ required:
+ - comment
+ responses:
+ '200':
+ description: Non-Employee approval item object.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee approval item id
+ example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c
+ approver:
+ description: Reference to the associated Identity
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ accountName:
+ type: string
+ description: Requested identity account name
+ example: test.account
+ approvalStatus:
+ type: string
+ enum:
+ - APPROVED
+ - REJECTED
+ - PENDING
+ - NOT_READY
+ - CANCELLED
+ description: Enum representing the non-employee request approval status
+ approvalOrder:
+ type: number
+ description: Approval order
+ example: 1
+ comment:
+ type: string
+ description: comment of approver
+ modified:
+ type: string
+ format: date-time
+ description: When the request was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the request was created.
+ example: '2019-08-23T18:40:35.772Z'
+ - type: object
+ properties:
+ nonEmployeeRequest:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ description: Non-Employee request id.
+ requester:
+ example:
+ type: IDENTITY
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: William Smith
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id
+ example: 5168015d32f890ca15812c9180835d2e
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-approvals/summary/{requested-for}':
+ get:
+ operationId: nonEmployeeApprovalSummary
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get Summary of Non-Employee Approval Requests
+ description: |-
+ This request will retrieve a summary of non-employee approval requests.
There are two contextual uses for the `requested-for` path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.
+ 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.
+ parameters:
+ - in: path
+ name: requested-for
+ schema:
+ type: string
+ description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
+ required: true
+ responses:
+ '200':
+ description: summary of non-employee approval requests
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ approved:
+ type: number
+ description: The number of approved non-employee approval requests.
+ pending:
+ type: number
+ description: The number of pending non-employee approval requests.
+ rejected:
+ type: number
+ description: The number of rejected non-employee approval requests.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{sourceId}/schema-attributes':
+ get:
+ operationId: getSchemaAttributes
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: List Schema Attributes Non-Employee Source
+ description: |-
+ This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.
+ Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
+ parameters:
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ responses:
+ '200':
+ description: A list of Schema Attributes
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ example: ac110005-7156-1150-8171-5b292e3e0084
+ description: Schema Attribute Id
+ system:
+ type: boolean
+ description: True if this schema attribute is mandatory on all non-employees sources.
+ example: true
+ modified:
+ type: string
+ format: date-time
+ description: When the schema attribute was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the schema attribute was created.
+ example: '2019-08-23T18:40:35.772Z'
+ type:
+ type: string
+ enum:
+ - TEXT
+ - DATE
+ - IDENTITY
+ description: Enum representing the type of data a schema attribute accepts.
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ maxItems: 18
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createSchemaAttribute
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Create a new Schema Attribute for Non-Employee Source
+ description: |-
+ This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response.
+ Requires role context of `idn:nesr:create`
+ parameters:
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ type:
+ type: string
+ description: Type of the attribute. Only type 'TEXT' is supported for custom attributes.
+ example: TEXT
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ responses:
+ '200':
+ description: Schema Attribute created.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ example: ac110005-7156-1150-8171-5b292e3e0084
+ description: Schema Attribute Id
+ system:
+ type: boolean
+ description: True if this schema attribute is mandatory on all non-employees sources.
+ example: true
+ modified:
+ type: string
+ format: date-time
+ description: When the schema attribute was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the schema attribute was created.
+ example: '2019-08-23T18:40:35.772Z'
+ type:
+ type: string
+ enum:
+ - TEXT
+ - DATE
+ - IDENTITY
+ description: Enum representing the type of data a schema attribute accepts.
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteSchemaAttributes
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete all custom schema attributes for Non-Employee Source
+ description: 'This end-point deletes all custom schema attributes for a non-employee source.
Requires role context of `idn:nesr:delete`'
+ parameters:
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ responses:
+ '204':
+ description: All custon Schema Attributes were successfully deleted.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/non-employee-sources/{sourceId}/schema-attributes/{attributeId}':
+ get:
+ operationId: getSchemaAttribute
+ security:
+ - oauth2: []
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Get Schema Attribute Non-Employee Source
+ description: 'This API gets a schema attribute by Id for the specified Non-Employee SourceId.
Requires role context of `idn:nesr:read` or the user must be an account manager of the source.'
+ parameters:
+ - in: path
+ name: attributeId
+ schema:
+ type: string
+ required: true
+ description: The Schema Attribute Id (UUID)
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ responses:
+ '200':
+ description: The Schema Attribute
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ example: ac110005-7156-1150-8171-5b292e3e0084
+ description: Schema Attribute Id
+ system:
+ type: boolean
+ description: True if this schema attribute is mandatory on all non-employees sources.
+ example: true
+ modified:
+ type: string
+ format: date-time
+ description: When the schema attribute was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the schema attribute was created.
+ example: '2019-08-23T18:40:35.772Z'
+ type:
+ type: string
+ enum:
+ - TEXT
+ - DATE
+ - IDENTITY
+ description: Enum representing the type of data a schema attribute accepts.
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: patchSchemaAttribute
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Patch a Schema Attribute for Non-Employee Source
+ description: |
+ This end-point patches a specific schema attribute for a non-employee SourceId.
+ Requires role context of `idn:nesr:update`
+ parameters:
+ - in: path
+ name: attributeId
+ schema:
+ type: string
+ required: true
+ description: The Schema Attribute Id (UUID)
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ requestBody:
+ description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.'
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example:
+ - op: replace
+ path: /label
+ value:
+ new attribute label: null
+ required: true
+ responses:
+ '200':
+ description: The Schema Attribute was successfully patched.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ format: UUID
+ example: ac110005-7156-1150-8171-5b292e3e0084
+ description: Schema Attribute Id
+ system:
+ type: boolean
+ description: True if this schema attribute is mandatory on all non-employees sources.
+ example: true
+ modified:
+ type: string
+ format: date-time
+ description: When the schema attribute was last modified.
+ example: '2019-08-23T18:52:59.162Z'
+ created:
+ type: string
+ format: date-time
+ description: When the schema attribute was created.
+ example: '2019-08-23T18:40:35.772Z'
+ type:
+ type: string
+ enum:
+ - TEXT
+ - DATE
+ - IDENTITY
+ description: Enum representing the type of data a schema attribute accepts.
+ label:
+ type: string
+ description: Label displayed on the UI for this schema attribute.
+ example: Account Name
+ technicalName:
+ type: string
+ description: The technical name of the attribute. Must be unique per source.
+ example: account.name
+ helpText:
+ type: string
+ description: help text displayed by UI.
+ example: The unique identifier for the account
+ placeholder:
+ type: string
+ description: Hint text that fills UI box.
+ example: Enter a unique user name for this account.
+ required:
+ type: boolean
+ description: 'If true, the schema attribute is required for all non-employees in the source'
+ example: true
+ required:
+ - type
+ - technicalName
+ - label
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteSchemaAttribute
+ tags:
+ - Non-Employee Lifecycle Management
+ summary: Delete a Schema Attribute for Non-Employee Source
+ description: |
+ This end-point deletes a specific schema attribute for a non-employee source.
+ Requires role context of `idn:nesr:delete`
+ parameters:
+ - in: path
+ name: attributeId
+ schema:
+ type: string
+ required: true
+ description: The Schema Attribute Id (UUID)
+ - in: path
+ name: sourceId
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ responses:
+ '204':
+ description: The Schema Attribute was successfully deleted.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /oauth-clients:
+ get:
+ operationId: listOauthClients
+ tags:
+ - OAuth Clients
+ summary: List OAuth Clients
+ description: |-
+ This gets a list of OAuth clients.
+ Request will require the following security scope:
+ - 'idn:oathkeeper-client-list:read'
+ responses:
+ '200':
+ description: List of OAuth clients.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the OAuth client
+ example: 2c9180835d2e5168015d32f890ca1581
+ businessName:
+ type: string
+ description: The name of the business the API Client should belong to
+ example: Acme-Solar
+ homepageUrl:
+ type: string
+ description: The homepage URL associated with the owner of the API Client
+ example: 'http://localhost:12345'
+ name:
+ type: string
+ description: A human-readable name for the API Client
+ example: Demo API Client
+ description:
+ type: string
+ description: A description of the API Client
+ example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
+ accessTokenValiditySeconds:
+ type: string
+ description: The number of seconds an access token generated for this API Client is valid for
+ example: 750
+ refreshTokenValiditySeconds:
+ type: string
+ description: The number of seconds a refresh token generated for this API Client is valid for
+ example: 86400
+ redirectUris:
+ type: array
+ items:
+ type: string
+ description: A list of the approved redirect URIs used with the authorization_code flow
+ example:
+ - 'http://localhost:12345'
+ grantTypes:
+ type: array
+ items:
+ description: OAuth2 Grant Type
+ type: string
+ example: CLIENT_CREDENTIALS
+ enum:
+ - CLIENT_CREDENTIALS
+ - AUTHORIZATION_CODE
+ - REFRESH_TOKEN
+ description: A list of OAuth 2.0 grant types this API Client can be used with
+ example:
+ - AUTHORIZATION_CODE
+ - CLIENT_CREDENTIALS
+ - REFRESH_TOKEN
+ accessType:
+ description: The access type (online or offline) of this API Client
+ example: OFFLINE
+ type: string
+ enum:
+ - ONLINE
+ - OFFLINE
+ type:
+ description: The type of the API Client (public or confidential)
+ example: CONFIDENTIAL
+ type: string
+ enum:
+ - CONFIDENTIAL
+ - PUBLIC
+ internal:
+ type: boolean
+ description: An indicator of whether the API Client can be used for requests internal to IDN
+ example: false
+ enabled:
+ type: boolean
+ description: An indicator of whether the API Client is enabled for use
+ example: true
+ strongAuthSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports strong authentication
+ example: false
+ claimsSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
+ example: false
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was created'
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was last updated'
+ example: '2018-06-25T20:22:28.104Z'
+ required:
+ - id
+ - businessName
+ - homepageUrl
+ - name
+ - description
+ - accessTokenValiditySeconds
+ - refreshTokenValiditySeconds
+ - redirectUris
+ - grantTypes
+ - accessType
+ - type
+ - internal
+ - enabled
+ - strongAuthSupported
+ - claimsSupported
+ - created
+ - modified
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createOauthClient
+ tags:
+ - OAuth Clients
+ summary: Create OAuth Client
+ description: |-
+ This creates an OAuth client.
+ Request will require the following security scope:
+ - 'idn:oathkeeper-client:create' - 'idn:oathkeeper-internal-client:create'
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ businessName:
+ type: string
+ description: The name of the business the API Client should belong to
+ example: Acme-Solar
+ homepageUrl:
+ type: string
+ description: The homepage URL associated with the owner of the API Client
+ example: 'http://localhost:12345'
+ name:
+ type: string
+ description: A human-readable name for the API Client
+ example: Demo API Client
+ description:
+ type: string
+ description: A description of the API Client
+ example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
+ accessTokenValiditySeconds:
+ type: string
+ description: The number of seconds an access token generated for this API Client is valid for
+ example: 750
+ refreshTokenValiditySeconds:
+ type: string
+ description: The number of seconds a refresh token generated for this API Client is valid for
+ example: 86400
+ redirectUris:
+ type: array
+ items:
+ type: string
+ description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client.
+ example:
+ - 'http://localhost:12345'
+ grantTypes:
+ type: array
+ items:
+ description: OAuth2 Grant Type
+ type: string
+ example: CLIENT_CREDENTIALS
+ enum:
+ - CLIENT_CREDENTIALS
+ - AUTHORIZATION_CODE
+ - REFRESH_TOKEN
+ description: A list of OAuth 2.0 grant types this API Client can be used with
+ example:
+ - AUTHORIZATION_CODE
+ - CLIENT_CREDENTIALS
+ - REFRESH_TOKEN
+ accessType:
+ description: The access type (online or offline) of this API Client
+ example: OFFLINE
+ type: string
+ enum:
+ - ONLINE
+ - OFFLINE
+ type:
+ description: The type of the API Client (public or confidential)
+ example: CONFIDENTIAL
+ type: string
+ enum:
+ - CONFIDENTIAL
+ - PUBLIC
+ internal:
+ type: boolean
+ description: An indicator of whether the API Client can be used for requests internal within the product.
+ example: false
+ enabled:
+ type: boolean
+ description: An indicator of whether the API Client is enabled for use
+ example: true
+ strongAuthSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports strong authentication
+ example: false
+ claimsSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
+ example: false
+ required:
+ - name
+ - description
+ - accessTokenValiditySeconds
+ - grantTypes
+ - accessType
+ - enabled
+ responses:
+ '200':
+ description: Request succeeded.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the OAuth client
+ example: 2c9180835d2e5168015d32f890ca1581
+ secret:
+ type: string
+ description: Secret of the OAuth client (This field is only returned on the intial create call.)
+ example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3
+ businessName:
+ type: string
+ description: The name of the business the API Client should belong to
+ example: Acme-Solar
+ homepageUrl:
+ type: string
+ description: The homepage URL associated with the owner of the API Client
+ example: 'http://localhost:12345'
+ name:
+ type: string
+ description: A human-readable name for the API Client
+ example: Demo API Client
+ description:
+ type: string
+ description: A description of the API Client
+ example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
+ accessTokenValiditySeconds:
+ type: string
+ description: The number of seconds an access token generated for this API Client is valid for
+ example: 750
+ refreshTokenValiditySeconds:
+ type: string
+ description: The number of seconds a refresh token generated for this API Client is valid for
+ example: 86400
+ redirectUris:
+ type: array
+ items:
+ type: string
+ description: A list of the approved redirect URIs used with the authorization_code flow
+ example:
+ - 'http://localhost:12345'
+ grantTypes:
+ type: array
+ items:
+ description: OAuth2 Grant Type
+ type: string
+ example: CLIENT_CREDENTIALS
+ enum:
+ - CLIENT_CREDENTIALS
+ - AUTHORIZATION_CODE
+ - REFRESH_TOKEN
+ description: A list of OAuth 2.0 grant types this API Client can be used with
+ example:
+ - AUTHORIZATION_CODE
+ - CLIENT_CREDENTIALS
+ - REFRESH_TOKEN
+ accessType:
+ description: The access type (online or offline) of this API Client
+ example: OFFLINE
+ type: string
+ enum:
+ - ONLINE
+ - OFFLINE
+ type:
+ description: The type of the API Client (public or confidential)
+ example: CONFIDENTIAL
+ type: string
+ enum:
+ - CONFIDENTIAL
+ - PUBLIC
+ internal:
+ type: boolean
+ description: An indicator of whether the API Client can be used for requests internal to IDN
+ example: false
+ enabled:
+ type: boolean
+ description: An indicator of whether the API Client is enabled for use
+ example: true
+ strongAuthSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports strong authentication
+ example: false
+ claimsSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
+ example: false
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was created'
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was last updated'
+ example: '2018-06-25T20:22:28.104Z'
+ required:
+ - id
+ - secret
+ - businessName
+ - homepageUrl
+ - name
+ - description
+ - accessTokenValiditySeconds
+ - refreshTokenValiditySeconds
+ - redirectUris
+ - grantTypes
+ - accessType
+ - type
+ - internal
+ - enabled
+ - strongAuthSupported
+ - claimsSupported
+ - created
+ - modified
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/oauth-clients/{id}':
+ get:
+ operationId: getOauthClient
+ tags:
+ - OAuth Clients
+ summary: Get OAuth Client
+ description: |-
+ This gets details of an OAuth client.
+ Request will require the following security scope:
+ - 'idn:oathkeeper-client:read'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The OAuth client id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: Request succeeded.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the OAuth client
+ example: 2c9180835d2e5168015d32f890ca1581
+ businessName:
+ type: string
+ description: The name of the business the API Client should belong to
+ example: Acme-Solar
+ homepageUrl:
+ type: string
+ description: The homepage URL associated with the owner of the API Client
+ example: 'http://localhost:12345'
+ name:
+ type: string
+ description: A human-readable name for the API Client
+ example: Demo API Client
+ description:
+ type: string
+ description: A description of the API Client
+ example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
+ accessTokenValiditySeconds:
+ type: string
+ description: The number of seconds an access token generated for this API Client is valid for
+ example: 750
+ refreshTokenValiditySeconds:
+ type: string
+ description: The number of seconds a refresh token generated for this API Client is valid for
+ example: 86400
+ redirectUris:
+ type: array
+ items:
+ type: string
+ description: A list of the approved redirect URIs used with the authorization_code flow
+ example:
+ - 'http://localhost:12345'
+ grantTypes:
+ type: array
+ items:
+ description: OAuth2 Grant Type
+ type: string
+ example: CLIENT_CREDENTIALS
+ enum:
+ - CLIENT_CREDENTIALS
+ - AUTHORIZATION_CODE
+ - REFRESH_TOKEN
+ description: A list of OAuth 2.0 grant types this API Client can be used with
+ example:
+ - AUTHORIZATION_CODE
+ - CLIENT_CREDENTIALS
+ - REFRESH_TOKEN
+ accessType:
+ description: The access type (online or offline) of this API Client
+ example: OFFLINE
+ type: string
+ enum:
+ - ONLINE
+ - OFFLINE
+ type:
+ description: The type of the API Client (public or confidential)
+ example: CONFIDENTIAL
+ type: string
+ enum:
+ - CONFIDENTIAL
+ - PUBLIC
+ internal:
+ type: boolean
+ description: An indicator of whether the API Client can be used for requests internal to IDN
+ example: false
+ enabled:
+ type: boolean
+ description: An indicator of whether the API Client is enabled for use
+ example: true
+ strongAuthSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports strong authentication
+ example: false
+ claimsSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
+ example: false
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was created'
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was last updated'
+ example: '2018-06-25T20:22:28.104Z'
+ required:
+ - id
+ - businessName
+ - homepageUrl
+ - name
+ - description
+ - accessTokenValiditySeconds
+ - refreshTokenValiditySeconds
+ - redirectUris
+ - grantTypes
+ - accessType
+ - type
+ - internal
+ - enabled
+ - strongAuthSupported
+ - claimsSupported
+ - created
+ - modified
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteOauthClient
+ tags:
+ - OAuth Clients
+ summary: Delete OAuth Client
+ description: |-
+ This deletes an OAuth client.
+ Request will require the following security scopes:
+ - 'idn:oathkeeper-client:delete' - 'idn:oathkeeper-internal-client:delete'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The OAuth client id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '204':
+ description: No content.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: patchOauthClient
+ tags:
+ - OAuth Clients
+ summary: Patch OAuth Client
+ description: |-
+ This performs a targeted update to the field(s) of an OAuth client.
+ Request will require a security scope of
+ 'idn:oathkeeper-client:update'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The OAuth client id
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ description: |
+ A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ The following fields are patchable:
+ * tenant
+ * businessName
+ * homepageUrl
+ * name
+ * description
+ * accessTokenValiditySeconds
+ * refreshTokenValiditySeconds
+ * redirectUris
+ * grantTypes
+ * accessType
+ * enabled
+ * strongAuthSupported
+ * claimsSupported
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example:
+ - op: replace
+ path: /strongAuthSupported
+ value: true
+ - op: replace
+ path: /businessName
+ value: acme-solar
+ responses:
+ '200':
+ description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the OAuth client
+ example: 2c9180835d2e5168015d32f890ca1581
+ businessName:
+ type: string
+ description: The name of the business the API Client should belong to
+ example: Acme-Solar
+ homepageUrl:
+ type: string
+ description: The homepage URL associated with the owner of the API Client
+ example: 'http://localhost:12345'
+ name:
+ type: string
+ description: A human-readable name for the API Client
+ example: Demo API Client
+ description:
+ type: string
+ description: A description of the API Client
+ example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows'
+ accessTokenValiditySeconds:
+ type: string
+ description: The number of seconds an access token generated for this API Client is valid for
+ example: 750
+ refreshTokenValiditySeconds:
+ type: string
+ description: The number of seconds a refresh token generated for this API Client is valid for
+ example: 86400
+ redirectUris:
+ type: array
+ items:
+ type: string
+ description: A list of the approved redirect URIs used with the authorization_code flow
+ example:
+ - 'http://localhost:12345'
+ grantTypes:
+ type: array
+ items:
+ description: OAuth2 Grant Type
+ type: string
+ example: CLIENT_CREDENTIALS
+ enum:
+ - CLIENT_CREDENTIALS
+ - AUTHORIZATION_CODE
+ - REFRESH_TOKEN
+ description: A list of OAuth 2.0 grant types this API Client can be used with
+ example:
+ - AUTHORIZATION_CODE
+ - CLIENT_CREDENTIALS
+ - REFRESH_TOKEN
+ accessType:
+ description: The access type (online or offline) of this API Client
+ example: OFFLINE
+ type: string
+ enum:
+ - ONLINE
+ - OFFLINE
+ type:
+ description: The type of the API Client (public or confidential)
+ example: CONFIDENTIAL
+ type: string
+ enum:
+ - CONFIDENTIAL
+ - PUBLIC
+ internal:
+ type: boolean
+ description: An indicator of whether the API Client can be used for requests internal to IDN
+ example: false
+ enabled:
+ type: boolean
+ description: An indicator of whether the API Client is enabled for use
+ example: true
+ strongAuthSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports strong authentication
+ example: false
+ claimsSupported:
+ type: boolean
+ description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow
+ example: false
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was created'
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when the API Client was last updated'
+ example: '2018-06-25T20:22:28.104Z'
+ required:
+ - id
+ - businessName
+ - homepageUrl
+ - name
+ - description
+ - accessTokenValiditySeconds
+ - refreshTokenValiditySeconds
+ - redirectUris
+ - grantTypes
+ - accessType
+ - type
+ - internal
+ - enabled
+ - strongAuthSupported
+ - claimsSupported
+ - created
+ - modified
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /personal-access-tokens:
+ get:
+ operationId: listPersonalAccessTokens
+ tags:
+ - Personal Access Tokens
+ summary: List Personal Access Tokens
+ description: |-
+ This gets a collection of personal access tokens associated with the optional owner-id. query parameter. If the owner-id query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. Any of the following rights are required to access this resource:
+ - idn:my-personal-access-tokens:read
+ - idn:all-personal-access-tokens:read
+ - idn:managed-personal-access-tokens:read
+
+ parameters:
+ - in: query
+ name: owner-id
+ description: 'The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: ''idn:my-personal-access-tokens:read'' If an actual owner ID or if the owner-id parameter is omitted in the request, the caller should have the following right: ''idn:all-personal-access-tokens:read''. If the caller has the following right, then managed personal access tokens associated with owner-id will be retrieved: ''idn:managed-personal-access-tokens:read'''
+ required: false
+ schema:
+ type: string
+ default: null
+ example: 2c9180867b50d088017b554662fb281e
+ responses:
+ '200':
+ description: List of personal access tokens.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the personal access token (to be used as the username for Basic Auth).
+ example: 86f1dc6fe8f54414950454cbb11278fa
+ name:
+ type: string
+ description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
+ example: NodeJS Integration
+ owner:
+ description: Details about the owner of the personal access token.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when this personal access token was created.'
+ example: '2017-07-11T18:45:37.098Z'
+ required:
+ - id
+ - name
+ - owner
+ - created
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createPersonalAccessToken
+ tags:
+ - Personal Access Tokens
+ summary: Create Personal Access Token
+ description: |-
+ This creates a personal access token. Any of the following rights are required to access this resource:
+ - idn:my-personal-access-tokens:create
+ - idn:all-personal-access-tokens:create
+ - idn:managed-personal-access-tokens:create
+
+ requestBody:
+ description: Name and scope of personal access token.
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Object for specifying the name of a personal access token to create
+ properties:
+ name:
+ type: string
+ description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created.
+ example: NodeJS Integration
+ required:
+ - name
+ responses:
+ '200':
+ description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the personal access token (to be used as the username for Basic Auth).
+ example: 86f1dc6fe8f54414950454cbb11278fa
+ secret:
+ type: string
+ description: The secret of the personal access token (to be used as the password for Basic Auth).
+ example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9
+ name:
+ type: string
+ description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user.
+ example: NodeJS Integration
+ owner:
+ description: Details about the owner of the personal access token.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ created:
+ type: string
+ format: date-time
+ description: 'The date and time, down to the millisecond, when this personal access token was created.'
+ example: '2017-07-11T18:45:37.098Z'
+ required:
+ - id
+ - secret
+ - name
+ - owner
+ - created
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/personal-access-tokens/{id}':
+ delete:
+ operationId: deletePersonalAccessToken
+ tags:
+ - Personal Access Tokens
+ summary: Delete Personal Access Token
+ description: |-
+ This deletes a personal access token Any of the following rights are required to access this resource:
+ - idn:my-personal-access-tokens:delete
+ - idn:all-personal-access-tokens:delete
+ - idn:managed-personal-access-tokens:delete
+
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The personal access token id
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '204':
+ description: No content.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /public-identities:
+ get:
+ operationId: getPublicIdentities
+ tags:
+ - Public Identities
+ summary: Get a list of public identities
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **alias**: *eq, sw*
+
+ **email**: *eq, sw*
+
+ **firstname**: *eq, sw*
+
+ **lastname**: *eq, sw*
+ - in: query
+ name: add-core-filters
+ description: |-
+ If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:
+ - Should be either correlated or protected.
+ - Should not be "spadmin" or "cloudadmin".
+ - uid should not be null.
+ - lastname should not be null.
+ - email should not be null.
+ required: false
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **name**
+ responses:
+ '200':
+ description: A list of public identity objects.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ title: Public Identity
+ description: Details about a public identity
+ properties:
+ id:
+ type: string
+ description: Identity id
+ example: 2c9180857182305e0171993735622948
+ name:
+ type: string
+ description: Human-readable display name of identity.
+ example: Alison Ferguso
+ alias:
+ type: string
+ description: Alternate unique identifier for the identity.
+ example: alison.ferguso
+ email:
+ nullable: true
+ type: string
+ description: Email address of identity.
+ example: alison.ferguso@acme-solar.com
+ status:
+ nullable: true
+ type: string
+ description: The lifecycle status for the identity
+ example: Active
+ manager:
+ description: An identity reference to the manager of this identity
+ type: object
+ nullable: true
+ properties:
+ type:
+ example: IDENTITY
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Identity id
+ example: 2c9180a46faadee4016fb4e018c20639
+ name:
+ type: string
+ description: Human-readable display name of identity.
+ example: Thomas Edison
+ attributes:
+ type: array
+ description: The public identity attributes of the identity
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ description: The attribute key
+ example: country
+ name:
+ type: string
+ description: Human-readable display name of the attribute
+ example: Country
+ value:
+ type: string
+ description: The attribute value
+ example: US
+ example:
+ - id: 2c9180857182305e0171993735622948
+ name: Alison Ferguso
+ alias: alison.ferguso
+ email: alison.ferguso@acme-solar.com
+ status: Active
+ manager:
+ type: IDENTITY
+ id: 2c9180a46faadee4016fb4e018c20639
+ name: Thomas Edison
+ attributes:
+ - key: phone
+ name: Phone
+ value: '5125551234'
+ - key: country
+ name: Country
+ value: US
+ - id: 2c9180a46faadee4016fb4e018c20639
+ name: Thomas Edison
+ alias: thomas.edison
+ email: thomas.edison@acme-solar.com
+ status: Active
+ manager:
+ type: IDENTITY
+ id: 2c918086676d3e0601677611dbde220f
+ name: Mister Manager
+ attributes:
+ - key: phone
+ name: Phone
+ value: '5125554321'
+ - key: country
+ name: Country
+ value: US
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /public-identities-config:
+ get:
+ operationId: getPublicIdentityConfig
+ tags:
+ - Public Identities Config
+ summary: Get the Public Identities Configuration
+ description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.
+ responses:
+ '200':
+ description: Request succeeded.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
+ properties:
+ attributes:
+ type: array
+ description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
+ items:
+ type: object
+ description: Used to map an attribute key for an Identity to its display name.
+ properties:
+ key:
+ type: string
+ description: The attribute key
+ example: country
+ name:
+ type: string
+ description: The attribute display name
+ example: Country
+ modified:
+ nullable: true
+ type: string
+ description: When this configuration was last modified.
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modifiedBy:
+ description: The identity who last modified this configuration.
+ type: object
+ nullable: true
+ properties:
+ type:
+ example: IDENTITY
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Identity id
+ example: 2c9180a46faadee4016fb4e018c20639
+ name:
+ type: string
+ description: Human-readable display name of identity.
+ example: Thomas Edison
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: updatePublicIdentityConfig
+ tags:
+ - Public Identities Config
+ summary: Update the Public Identities Configuration
+ description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
+ properties:
+ attributes:
+ type: array
+ description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
+ items:
+ type: object
+ description: Used to map an attribute key for an Identity to its display name.
+ properties:
+ key:
+ type: string
+ description: The attribute key
+ example: country
+ name:
+ type: string
+ description: The attribute display name
+ example: Country
+ modified:
+ nullable: true
+ type: string
+ description: When this configuration was last modified.
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modifiedBy:
+ description: The identity who last modified this configuration.
+ type: object
+ nullable: true
+ properties:
+ type:
+ example: IDENTITY
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Identity id
+ example: 2c9180a46faadee4016fb4e018c20639
+ name:
+ type: string
+ description: Human-readable display name of identity.
+ example: Thomas Edison
+ responses:
+ '200':
+ description: Request succeeded.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.
+ properties:
+ attributes:
+ type: array
+ description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org.
+ items:
+ type: object
+ description: Used to map an attribute key for an Identity to its display name.
+ properties:
+ key:
+ type: string
+ description: The attribute key
+ example: country
+ name:
+ type: string
+ description: The attribute display name
+ example: Country
+ modified:
+ nullable: true
+ type: string
+ description: When this configuration was last modified.
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modifiedBy:
+ description: The identity who last modified this configuration.
+ type: object
+ nullable: true
+ properties:
+ type:
+ example: IDENTITY
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ id:
+ type: string
+ description: Identity id
+ example: 2c9180a46faadee4016fb4e018c20639
+ name:
+ type: string
+ description: Human-readable display name of identity.
+ example: Thomas Edison
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /requestable-objects:
+ get:
+ operationId: listRequestableObjects
+ tags:
+ - Requestable Objects
+ summary: Requestable Objects List
+ description: |-
+ This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.
+ Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.
+ parameters:
+ - in: query
+ name: identity-id
+ required: false
+ schema:
+ type: string
+ example: e7eab60924f64aa284175b9fa3309599
+ description: |-
+ If present, the value returns only requestable objects for the specified identity.
+ * Admin users can call this with any identity ID value.
+ * Non-admin users can only specify *me* or pass their own identity ID value.
+ * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.
+ - in: query
+ name: types
+ description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.'
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ example: 'ROLE,ACCESS_PROFILE'
+ explode: false
+ - in: query
+ name: term
+ required: false
+ schema:
+ type: string
+ example: Finance Role
+ description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.'
+ - in: query
+ name: statuses
+ description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.'
+ required: false
+ schema:
+ type: array
+ items:
+ type: string
+ enum:
+ - AVAILABLE
+ - PENDING
+ - ASSIGNED
+ description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
+ explode: false
+ example:
+ - ASSIGNED
+ - PENDING
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ example: name sw "bob"
+ description: |
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **name**: *eq, in, sw*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ example: name
+ description: |
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **name**
+ responses:
+ '200':
+ description: List of requestable objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the requestable object itself
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Human-readable display name of the requestable object
+ example: Applied Research Access
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: Description of the requestable object.
+ example: 'Access to research information, lab results, and schematics.'
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ requestStatus:
+ type: string
+ enum:
+ - AVAILABLE
+ - PENDING
+ - ASSIGNED
+ description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
+ identityRequestId:
+ type: string
+ description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
+ nullable: true
+ example: null
+ ownerRef:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ requestCommentsRequired:
+ type: boolean
+ description: Whether the requester must provide comments when requesting the object.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /saved-searches:
+ post:
+ tags:
+ - Saved Search
+ description: |
+ Creates a new saved search.
+ summary: Create a saved search
+ operationId: savedSearchCreate
+ requestBody:
+ description: The saved search to persist.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ required: true
+ responses:
+ '201':
+ description: The persisted saved search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ get:
+ tags:
+ - Saved Search
+ description: |
+ Returns a list of saved searches.
+ summary: Return a list of Saved Searches
+ operationId: savedSearchList
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - name: filters
+ in: query
+ schema:
+ type: string
+ description: |
+ An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).
+
+ Allowed filter properties: *owner.id*, *public*
+
+ Allowed filter operator: *eq*
+
+ **Example filters**:
+
+ ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns saved searches for the specified owner ID
+
+ ```public eq true``` -- returns all public saved searches
+
+ ```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org
+ responses:
+ '200':
+ description: The list of requested saved searches.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ headers:
+ X-Total-Count:
+ description: The total result count (returned only if the *count* parameter is specified as *true*).
+ schema:
+ type: integer
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '/saved-searches/{id}':
+ put:
+ tags:
+ - Saved Search
+ description: |
+ Updates an existing saved search.
+ summary: |
+ Updates an existing saved search
+ operationId: savedSearchUpdate
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ requestBody:
+ description: The saved search to persist.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ required: true
+ responses:
+ '200':
+ description: The persisted saved search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ get:
+ tags:
+ - Saved Search
+ description: |
+ Returns the specified saved search.
+ summary: Return a saved search by ID
+ operationId: savedSearchGet
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ responses:
+ '200':
+ description: The requested saved search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ delete:
+ tags:
+ - Saved Search
+ description: |
+ Deletes the specified saved search.
+ summary: Delete a document by ID
+ operationId: savedSearchDelete
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ responses:
+ '204':
+ description: No Content - Indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '/saved-searches/{id}/execute':
+ post:
+ tags:
+ - Saved Search
+ description: |
+ Executes the specified saved search.
+ summary: Execute a saved search by ID
+ operationId: savedSearchExecute
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ requestBody:
+ description: |
+ When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search.
+
+ If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ scheduleId:
+ description: |
+ The ID of the scheduled search that triggered the saved search execution.
+ type: string
+ example: 7a724640-0c17-4ce9-a8c3-4a89738459c8
+ owner:
+ description: |
+ The owner of the scheduled search being tested.
+ allOf:
+ - type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ recipients:
+ description: |
+ The email recipients of the scheduled search being tested.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ examples:
+ scheduled:
+ summary: Triggered by Scheduled Search
+ value:
+ scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8
+ test:
+ summary: Triggered by UI Test
+ value:
+ owner:
+ type: IDENTITY
+ id: 2c91808568c529c60168cca6f90c1313
+ recipients:
+ - type: IDENTITY
+ id: 2c91808568c529c60168cca6f90c1313
+ required: true
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /scheduled-searches:
+ post:
+ tags:
+ - Scheduled Search
+ description: |
+ Creates a new scheduled search.
+ summary: Create a new scheduled search
+ operationId: scheduledSearchCreate
+ requestBody:
+ description: The scheduled search to persist.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ required: true
+ responses:
+ '201':
+ description: The persisted scheduled search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ get:
+ tags:
+ - Scheduled Search
+ description: |
+ Returns a list of scheduled searches.
+ summary: Return a list of scheduled searches
+ operationId: scheduledSearchList
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - name: filters
+ in: query
+ schema:
+ type: string
+ description: |
+ An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).
+
+ Allowed filter properties: *owner.id*, *savedSearchId*
+
+ Allowed filter operator: *eq*
+
+ **Example filters**:
+
+ ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns scheduled searches for the specified owner ID
+
+ ```savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns scheduled searches that reference the specified saved search
+
+ ```owner.id eq me or savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search
+ responses:
+ '200':
+ description: The list of requested scheduled searches.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ headers:
+ X-Total-Count:
+ description: The total result count (returned only if the *count* parameter is specified as *true*).
+ schema:
+ type: integer
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '/scheduled-searches/{id}':
+ put:
+ tags:
+ - Scheduled Search
+ description: |
+ Updates an existing scheduled search.
+ summary: Update an existing Scheduled Search
+ operationId: scheduledSearchUpdate
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ requestBody:
+ description: The scheduled search to persist.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ required: true
+ responses:
+ '200':
+ description: The persisted scheduled search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ get:
+ tags:
+ - Scheduled Search
+ description: |
+ Returns the specified scheduled search.
+ summary: Return a Scheduled Search by ID
+ operationId: scheduledSearchGet
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ responses:
+ '200':
+ description: The requested scheduled search.
+ content:
+ application/json:
+ schema:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ delete:
+ tags:
+ - Scheduled Search
+ description: |
+ Deletes the specified scheduled search.
+ operationId: scheduledSearchDelete
+ summary: Delete a Scheduled Search by ID
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ responses:
+ '204':
+ description: No Content - Indicates the request was successful but there is no content to be returned in the response.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '/scheduled-searches/{id}/unsubscribe':
+ post:
+ tags:
+ - Scheduled Search
+ description: |
+ Unsubscribes a recipient from the specified scheduled search.
+ operationId: scheduledSearchUnsubscribe
+ summary: Unsubscribe a recipient from Scheduled Search
+ parameters:
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ requestBody:
+ description: |
+ The recipient to be removed from the scheduled search.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ required: true
+ responses:
+ '204':
+ description: No Content - Indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ /search:
+ post:
+ tags:
+ - Search
+ description: Performs a search with the provided query and returns a matching result collection.
+ externalDocs:
+ description: Learn more about search.
+ url: 'https://documentation.sailpoint.com/saas/help/search/index.html'
+ operationId: searchPost
+ summary: Perform Search
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ indices:
+ description: The names of the Elasticsearch indices in which to search.
+ externalDocs:
+ description: Learn more about search indices here.
+ url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ queryType:
+ description: |-
+ The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
+ To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ - TYPEAHEAD
+ default: SAILPOINT
+ example: SAILPOINT
+ queryVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the query object.
+ This version number will map to the version of Elasticsearch for the query strings and objects being used.
+ query:
+ type: object
+ description: Query parameters used to construct an Elasticsearch query object.
+ properties:
+ query:
+ description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'name:a*'
+ fields:
+ description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ timeZone:
+ description: The time zone to be applied to any range query related to dates.
+ type: string
+ example: America/Chicago
+ innerHit:
+ description: The innerHit query object returns a flattened list of results for the specified nested type.
+ type: object
+ required:
+ - query
+ - type
+ properties:
+ query:
+ description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'source.name:\"Active Directory\"'
+ type:
+ description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
+ type: string
+ example: access
+ queryDsl:
+ description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
+ type: object
+ example:
+ match:
+ name: john.doe
+ typeAheadQuery:
+ type: object
+ description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
+ required:
+ - query
+ - field
+ properties:
+ query:
+ description: The type ahead query string used to construct a phrase prefix match query.
+ type: string
+ example: Work
+ field:
+ description: The field on which to perform the type ahead search.
+ type: string
+ example: source.name
+ nestedType:
+ description: The nested type.
+ type: string
+ example: access
+ maxExpansions:
+ description: |-
+ The number of suffixes the last term will be expanded into.
+ Influences the performance of the query and the number results returned.
+ Valid values: 1 to 1000.
+ type: integer
+ format: int32
+ minimum: 1
+ maximum: 1000
+ default: 10
+ example: 10
+ includeNested:
+ description: Indicates whether nested objects from returned search results should be included.
+ type: boolean
+ default: true
+ example: true
+ queryResultFilter:
+ type: object
+ description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
+ properties:
+ includes:
+ description: The list of field names to include in the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ - displayName
+ excludes:
+ description: The list of field names to exclude from the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - stacktrace
+ aggregationType:
+ description: |
+ Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ default: DSL
+ example: DSL
+ aggregationsVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the language being used for aggregation queries.
+ This version number will map to the version of Elasticsearch for the aggregation query object.
+ aggregationsDsl:
+ description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
+ type: object
+ aggregations:
+ description: |
+ The aggregation’s specifications, such as the groupings and calculations to be performed.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ sort:
+ description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
+ type: array
+ items:
+ type: string
+ example: +id
+ searchAfter:
+ description: |-
+ Used to begin the search window at the values specified.
+ This parameter consists of the last values of the sorted fields in the current record set.
+ This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
+ For example, when searching for identities, if the last idenitity ID in the search result is 2c91808375d8e80a0175e1f88a575221, then using that ID in this property will start a new search after this identity.
+ type: array
+ items:
+ type: string
+ example: 2c91808375d8e80a0175e1f88a575221
+ filters:
+ description: The filters to be applied for each filtered field name.
+ type: object
+ additionalProperties:
+ type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ examples:
+ query-fields:
+ summary: Query with Fields
+ value:
+ indices:
+ - identities
+ query:
+ query: '"John Doe"'
+ fields:
+ - name
+ query-timeZone:
+ summary: Query with TimeZone
+ value:
+ indices:
+ - identities
+ query:
+ query: 'created: [2022-05-19T19:26:03.351Z TO now]'
+ timeZone: America/Los_Angeles
+ query-innerHit:
+ summary: Query with InnerHit
+ value:
+ indices:
+ - identities
+ query:
+ query: '"John Doe"'
+ innerHit:
+ type: access
+ query: 'source.name:\"Active Directory\"'
+ typeAheadQuery:
+ summary: TypeAheadQuery
+ value:
+ indices:
+ - identities
+ queryType: TYPEAHEAD
+ typeAheadQuery:
+ field: name
+ query: Jo
+ maxExpansions: 50
+ typeAheadQuery-nestedType:
+ summary: TypeAheadQuery with NestedType
+ value:
+ indices:
+ - identities
+ queryType: TYPEAHEAD
+ typeAheadQuery:
+ field: source.name
+ nestedType: access
+ query: Work
+ maxExpansions: 50
+ filter-exists:
+ summary: Filter with Exists
+ value:
+ indices:
+ - identities
+ query:
+ query: 'attributes.city:London'
+ filters:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ filter-range:
+ summary: Filter with Range
+ value:
+ indices:
+ - identities
+ query:
+ query: 'attributes.city:London'
+ timeZone: Europe/London
+ filters:
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ filter-terms:
+ summary: Filter with Terms
+ value:
+ indices:
+ - identities
+ query:
+ query: 'attributes.city:London'
+ filters:
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ required: true
+ responses:
+ '200':
+ description: List of matching documents.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ discriminator:
+ propertyName: _type
+ mapping:
+ accessprofile: ../model/access/profile/AccessProfile.yaml
+ accountactivity: ../model/account/activity/AccountActivity.yaml
+ account: ../model/account/Account.yaml
+ aggregation: ../model/aggregation/Aggregation.yaml
+ entitlement: ../model/entitlement/Entitlement.yaml
+ event: ../model/event/Event.yaml
+ identity: ../model/identity/Identity.yaml
+ role: ../model/role/Role.yaml
+ oneOf:
+ - description: 'This is more of a complete representation of an access profile. '
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ entitlementCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: AccountActivity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ action:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ origin:
+ type: string
+ status:
+ type: string
+ requester:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ recipient:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ trackingNumber:
+ type: string
+ errors:
+ type: array
+ items:
+ type: string
+ warnings:
+ type: array
+ items:
+ type: string
+ approvals:
+ type: array
+ items:
+ type: object
+ properties:
+ comments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ commenter:
+ type: string
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: string
+ type:
+ type: string
+ originalRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ expansionItems:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ cause:
+ type: string
+ name:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ accountRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ provisioningTarget:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: object
+ properties:
+ errors:
+ type: array
+ items:
+ type: string
+ status:
+ type: string
+ ticketId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ sources:
+ type: array
+ items:
+ type: string
+ - description: Account
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ identity:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ access:
+ type: array
+ items:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ entitlementCount:
+ type: integer
+ uncorrelated:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Aggregation
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ status:
+ type: string
+ duration:
+ type: integer
+ avgDuration:
+ type: integer
+ changedAccounts:
+ type: integer
+ nextScheduled:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ startTime:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ sourceOwner:
+ type: string
+ - description: Entitlement
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ displayName:
+ type: string
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ identityCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Event
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ action:
+ type: string
+ type:
+ type: string
+ actor:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ target:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ stack:
+ type: string
+ trackingNumber:
+ type: string
+ ipAddress:
+ type: string
+ details:
+ type: string
+ attributes:
+ type: object
+ objects:
+ type: array
+ items:
+ type: string
+ operation:
+ type: string
+ status:
+ type: string
+ technicalName:
+ type: string
+ - description: Identity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ firstName:
+ type: string
+ lastName:
+ type: string
+ displayName:
+ type: string
+ email:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ phone:
+ type: string
+ inactive:
+ type: boolean
+ protected:
+ type: boolean
+ status:
+ type: string
+ employeeNumber:
+ type: string
+ manager:
+ nullable: true
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ isManager:
+ type: boolean
+ identityProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ processingState:
+ type: string
+ nullable: true
+ processingDetails:
+ nullable: true
+ type: object
+ properties:
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ retryCount:
+ type: integer
+ stackTrace:
+ type: string
+ message:
+ type: string
+ accounts:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ accountCount:
+ type: integer
+ apps:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ account:
+ type: object
+ properties:
+ id:
+ type: string
+ accountId:
+ type: string
+ appCount:
+ type: integer
+ access:
+ type: array
+ items:
+ discriminator:
+ propertyName: type
+ mapping:
+ ACCESS_PROFILE: ../access/AccessProfile.yaml
+ ENTITLEMENT: ../access/Entitlement.yaml
+ ROLE: ../access/Role.yaml
+ oneOf:
+ - description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ - description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ - description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ accessCount:
+ type: integer
+ accessProfileCount:
+ type: integer
+ entitlementCount:
+ type: integer
+ roleCount:
+ type: integer
+ owns:
+ type: object
+ properties:
+ sources:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ roles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ apps:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ governanceGroups:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ fallbackApprover:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Role
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfileCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ examples:
+ accessProfiles:
+ summary: A collection of AccessProfiles
+ value:
+ - id: 2c9180825a6c1adc015a71c9023f0818
+ name: Cloud Eng
+ _type: accessprofile
+ description: Cloud Eng
+ created: '2017-02-24T20:21:23.145Z'
+ modified: '2019-05-24T20:36:04.312Z'
+ synced: '2020-02-18T05:30:20.414Z'
+ enabled: true
+ requestable: true
+ requestCommentsRequired: false
+ owner:
+ id: ff8081815757d36a015757d42e56031e
+ name: SailPoint Support
+ type: IDENTITY
+ email: cloud-support@sailpoint.com
+ source:
+ id: ff8081815757d4fb0157588f3d9d008f
+ name: Employees
+ entitlements:
+ - id: 2c918084575812550157589064f33b89
+ name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
+ description: mull
+ attribute: memberOf
+ value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
+ entitlementCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ entitlements:
+ summary: A collection of Entitlements
+ value:
+ - id: 2c9180946ed0c43d016eec1a80892fbd
+ name: entitlement.aa415ae7
+ _type: entitlement
+ description: 'null'
+ attribute: groups
+ value: entitlement.aa415ae7
+ modified: '2019-12-09T19:19:50.154Z'
+ synced: '2020-02-19T04:30:32.906Z'
+ displayName: entitlement.aa415ae7
+ source:
+ id: 2c91808b6e9e6fb8016eec1a2b6f7b5f
+ name: ODS-HR-Employees
+ privileged: false
+ identityCount: 68
+ tags:
+ - TAG_1
+ - TAG_2
+ events:
+ summary: A collection of Events
+ value:
+ - id: e092842f-c904-4b59-aac8-2544abeeef4b
+ name: Update Task Schedule Passed
+ _type: event
+ created: '2020-02-17T16:23:18.327Z'
+ synced: '2020-02-17T16:23:18.388Z'
+ action: TASK_SCHEDULE_UPDATE_PASSED
+ type: SYSTEM_CONFIG
+ actor:
+ name: MantisTaskScheduler
+ target:
+ name: Perform provisioning activity search delete synchronization
+ stack: tpe
+ trackingNumber: c6b98bc39ece48b080826d16c76b166c
+ ipAddress: 207.189.160.158
+ details: 'null'
+ attributes:
+ sourceName: SailPoint
+ objects:
+ - TASK
+ - SCHEDULE
+ operation: UPDATE
+ status: PASSED
+ technicalName: TASK_SCHEDULE_UPDATE_PASSED
+ identities:
+ summary: A collection of Identities
+ value:
+ - id: 2c9180865c45e7e3015c46c434a80622
+ name: ad.admin
+ _type: identity
+ firstName: AD
+ lastName: Admin
+ displayName: AD Admin
+ email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
+ created: '2018-08-22T19:54:54.302Z'
+ modified: '2018-08-22T19:54:54.302Z'
+ synced: '2018-08-22T19:54:54.302Z'
+ phone: 512-942-7578
+ inactive: false
+ protected: false
+ status: UNREGISTERED
+ employeeNumber: O349804
+ manager: null
+ isManager: false
+ identityProfile:
+ id: 2c918085605c8d0601606f357cb231e6
+ name: E2E AD
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ attributes:
+ uid: ad.admin
+ firstname: AD
+ cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202
+ cloudStatus: UNREGISTERED
+ iplanet-am-user-alias-list: null
+ displayName: AD Admin
+ internalCloudStatus: UNREGISTERED
+ workPhone: 512-942-7578
+ email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
+ lastname: Admin
+ processingState: null
+ processingDetails: null
+ accounts:
+ - id: 2c9180865c45e7e3015c46c434a80623
+ name: ad.admin
+ accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local'
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ type: Active Directory - Direct
+ disabled: false
+ locked: false
+ privileged: false
+ manuallyCorrelated: false
+ passwordLastSet: '2018-08-22T19:54:54.302Z'
+ entitlementAttributes:
+ memberOf:
+ - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local'
+ - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
+ created: '2018-08-22T19:54:54.302Z'
+ - id: 2c918083606d670c01606f35a30a0349
+ name: ad.admin
+ accountId: ad.admin
+ source:
+ id: ff8081815c46b85b015c46b90c7c02a6
+ name: IdentityNow
+ type: IdentityNowConnector
+ disabled: false
+ locked: false
+ privileged: false
+ manuallyCorrelated: false
+ passwordLastSet: null
+ entitlementAttributes: null
+ created: '2018-08-22T19:54:54.302Z'
+ accountCount: 2
+ apps:
+ - id: '22751'
+ name: ADP Workforce Now
+ source:
+ id: 2c9180855c45b230015c46e2f6a8026a
+ name: Corporate Active Directory
+ account:
+ id: 2c9180865c45efa4015c470be0de1606
+ accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
+ appCount: 1
+ access:
+ - id: 2c918083634bc6cb01639808d40270ba
+ name: 'test [AccessProfile-1527264105448]'
+ displayName: test
+ type: ACCESS_PROFILE
+ description: test
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ owner:
+ id: 2c9180865c45e7e3015c46c434a80622
+ name: ad.admin
+ displayName: AD Admin
+ - id: 2c9180865c45e7e3015c46c457c50755
+ name: Administrators
+ displayName: Administrators
+ type: ENTITLEMENT
+ description: null
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ privileged: false
+ attribute: memberOf
+ value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
+ standalone: false
+ - id: 2c9180865decdaa5015e06598b293108
+ name: 'test [cloudRole-1503345085223]'
+ displayName: test
+ type: ROLE
+ description: test
+ owner:
+ id: 2c9180865c45e7e3015c46c5030707a0
+ name: will.albin
+ displayName: Albin Will
+ disabled: false
+ accessCount: 3
+ accessProfileCount: 1
+ entitlementCount: 1
+ roleCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ roles:
+ summary: A collection of Roles
+ value:
+ - id: 2c91808c6faadea6016fb4f2bc69077b
+ name: IT Role
+ _type: role
+ description: IT role
+ created: '2020-01-17T19:20:15.040Z'
+ modified: null
+ synced: '2020-02-18T05:30:20.145Z'
+ enabled: true
+ requestable: false
+ requestCommentsRequired: false
+ owner:
+ id: 2c9180a46faadee4016fb4e018c20639
+ name: Cloud Support
+ type: IDENTITY
+ email: thomas.edison@acme-solar.com
+ accessProfiles:
+ - id: 2c91809c6faade77016fb4f0b63407ae
+ name: Admin Access
+ accessProfileCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ headers:
+ X-Total-Count:
+ schema:
+ type: integer
+ description: The total result count (returned only if the *count* parameter is specified as *true*).
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /search/count:
+ post:
+ tags:
+ - Search
+ description: Performs a search with provided query and returns count of results in the X-Total-Count header.
+ operationId: searchCount
+ summary: Count the number of Documents satisfying a Query
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ indices:
+ description: The names of the Elasticsearch indices in which to search.
+ externalDocs:
+ description: Learn more about search indices here.
+ url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ queryType:
+ description: |-
+ The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
+ To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ - TYPEAHEAD
+ default: SAILPOINT
+ example: SAILPOINT
+ queryVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the query object.
+ This version number will map to the version of Elasticsearch for the query strings and objects being used.
+ query:
+ type: object
+ description: Query parameters used to construct an Elasticsearch query object.
+ properties:
+ query:
+ description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'name:a*'
+ fields:
+ description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ timeZone:
+ description: The time zone to be applied to any range query related to dates.
+ type: string
+ example: America/Chicago
+ innerHit:
+ description: The innerHit query object returns a flattened list of results for the specified nested type.
+ type: object
+ required:
+ - query
+ - type
+ properties:
+ query:
+ description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'source.name:\"Active Directory\"'
+ type:
+ description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
+ type: string
+ example: access
+ queryDsl:
+ description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
+ type: object
+ example:
+ match:
+ name: john.doe
+ typeAheadQuery:
+ type: object
+ description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
+ required:
+ - query
+ - field
+ properties:
+ query:
+ description: The type ahead query string used to construct a phrase prefix match query.
+ type: string
+ example: Work
+ field:
+ description: The field on which to perform the type ahead search.
+ type: string
+ example: source.name
+ nestedType:
+ description: The nested type.
+ type: string
+ example: access
+ maxExpansions:
+ description: |-
+ The number of suffixes the last term will be expanded into.
+ Influences the performance of the query and the number results returned.
+ Valid values: 1 to 1000.
+ type: integer
+ format: int32
+ minimum: 1
+ maximum: 1000
+ default: 10
+ example: 10
+ includeNested:
+ description: Indicates whether nested objects from returned search results should be included.
+ type: boolean
+ default: true
+ example: true
+ queryResultFilter:
+ type: object
+ description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
+ properties:
+ includes:
+ description: The list of field names to include in the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ - displayName
+ excludes:
+ description: The list of field names to exclude from the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - stacktrace
+ aggregationType:
+ description: |
+ Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ default: DSL
+ example: DSL
+ aggregationsVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the language being used for aggregation queries.
+ This version number will map to the version of Elasticsearch for the aggregation query object.
+ aggregationsDsl:
+ description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
+ type: object
+ aggregations:
+ description: |
+ The aggregation’s specifications, such as the groupings and calculations to be performed.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ sort:
+ description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
+ type: array
+ items:
+ type: string
+ example: +id
+ searchAfter:
+ description: |-
+ Used to begin the search window at the values specified.
+ This parameter consists of the last values of the sorted fields in the current record set.
+ This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
+ For example, when searching for identities, if the last idenitity ID in the search result is 2c91808375d8e80a0175e1f88a575221, then using that ID in this property will start a new search after this identity.
+ type: array
+ items:
+ type: string
+ example: 2c91808375d8e80a0175e1f88a575221
+ filters:
+ description: The filters to be applied for each filtered field name.
+ type: object
+ additionalProperties:
+ type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ examples:
+ query-timeZone:
+ summary: Query with TimeZone
+ value:
+ indices:
+ - identities
+ query:
+ query: 'created: [2022-05-19T19:26:03.351Z TO now]'
+ timeZone: America/Los_Angeles
+ required: true
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ headers:
+ X-Total-Count:
+ description: The total result count.
+ schema:
+ type: integer
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ /search/aggregate:
+ post:
+ tags:
+ - Search
+ description: Performs a search query aggregation and returns aggregation result.
+ operationId: searchAggregate
+ summary: Perform a Search Query Aggregation
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ indices:
+ description: The names of the Elasticsearch indices in which to search.
+ externalDocs:
+ description: Learn more about search indices here.
+ url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html'
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ queryType:
+ description: |-
+ The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body.
+ To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ - TYPEAHEAD
+ default: SAILPOINT
+ example: SAILPOINT
+ queryVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the query object.
+ This version number will map to the version of Elasticsearch for the query strings and objects being used.
+ query:
+ type: object
+ description: Query parameters used to construct an Elasticsearch query object.
+ properties:
+ query:
+ description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'name:a*'
+ fields:
+ description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ timeZone:
+ description: The time zone to be applied to any range query related to dates.
+ type: string
+ example: America/Chicago
+ innerHit:
+ description: The innerHit query object returns a flattened list of results for the specified nested type.
+ type: object
+ required:
+ - query
+ - type
+ properties:
+ query:
+ description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.'
+ type: string
+ example: 'source.name:\"Active Directory\"'
+ type:
+ description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.'
+ type: string
+ example: access
+ queryDsl:
+ description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.'
+ type: object
+ example:
+ match:
+ name: john.doe
+ typeAheadQuery:
+ type: object
+ description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." '
+ required:
+ - query
+ - field
+ properties:
+ query:
+ description: The type ahead query string used to construct a phrase prefix match query.
+ type: string
+ example: Work
+ field:
+ description: The field on which to perform the type ahead search.
+ type: string
+ example: source.name
+ nestedType:
+ description: The nested type.
+ type: string
+ example: access
+ maxExpansions:
+ description: |-
+ The number of suffixes the last term will be expanded into.
+ Influences the performance of the query and the number results returned.
+ Valid values: 1 to 1000.
+ type: integer
+ format: int32
+ minimum: 1
+ maximum: 1000
+ default: 10
+ example: 10
+ includeNested:
+ description: Indicates whether nested objects from returned search results should be included.
+ type: boolean
+ default: true
+ example: true
+ queryResultFilter:
+ type: object
+ description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
+ properties:
+ includes:
+ description: The list of field names to include in the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - name
+ - displayName
+ excludes:
+ description: The list of field names to exclude from the result documents.
+ type: array
+ items:
+ type: string
+ example:
+ - stacktrace
+ aggregationType:
+ description: |
+ Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DSL
+ - SAILPOINT
+ default: DSL
+ example: DSL
+ aggregationsVersion:
+ allOf:
+ - description: The current Elasticserver version.
+ type: string
+ default: '5.2'
+ - type: string
+ description: |-
+ The version of the language being used for aggregation queries.
+ This version number will map to the version of Elasticsearch for the aggregation query object.
+ aggregationsDsl:
+ description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.'
+ type: object
+ aggregations:
+ description: |
+ The aggregation’s specifications, such as the groupings and calculations to be performed.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ allOf:
+ - type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ - type: object
+ properties:
+ subAggregation:
+ description: Aggregation to be performed on the result of the parent bucket aggregation.
+ type: object
+ properties:
+ nested:
+ type: object
+ description: The nested aggregation object.
+ required:
+ - name
+ - type
+ properties:
+ name:
+ description: The name of the nested aggregate to be included in the result.
+ type: string
+ example: id
+ type:
+ description: The type of the nested object.
+ type: string
+ example: access
+ metric:
+ type: object
+ description: The calculation done on the results of the query
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: |-
+ The name of the metric aggregate to be included in the result.
+ If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
+ type: string
+ example: Access Name Count
+ type:
+ description: |-
+ Enum representing the currently supported metric aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - COUNT
+ - UNIQUE_COUNT
+ - AVG
+ - SUM
+ - MEDIAN
+ - MIN
+ - MAX
+ default: UNIQUE_COUNT
+ field:
+ description: |
+ The field the calculation is performed on.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: '@access.name'
+ filter:
+ type: object
+ description: An additional filter to constrain the results of the search query.
+ required:
+ - name
+ - field
+ - value
+ properties:
+ name:
+ description: The name of the filter aggregate to be included in the result.
+ type: string
+ example: Entitlements
+ type:
+ description: |-
+ Enum representing the currently supported filter aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERM
+ default: TERM
+ field:
+ description: |
+ The search field to apply the filter to.
+
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: access.type
+ value:
+ description: The value to filter on.
+ type: string
+ example: ENTITLEMENT
+ bucket:
+ type: object
+ description: The bucket to group the results of the aggregation query by.
+ required:
+ - name
+ - field
+ properties:
+ name:
+ description: The name of the bucket aggregate to be included in the result.
+ type: string
+ example: Identity Locations
+ type:
+ description: |-
+ Enum representing the currently supported bucket aggregation types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - TERMS
+ default: TERMS
+ example: TERMS
+ field:
+ description: |-
+ The field to bucket on.
+ Prefix the field name with '@' to reference a nested object.
+ type: string
+ example: attributes.city
+ size:
+ description: Maximum number of buckets to include.
+ type: integer
+ format: int32
+ example: 100
+ minDocCount:
+ description: Minimum number of documents a bucket should have.
+ type: integer
+ format: int32
+ example: 2
+ sort:
+ description: The fields to be used to sort the search results. Use + or - to specify the sort direction.
+ type: array
+ items:
+ type: string
+ example: +id
+ searchAfter:
+ description: |-
+ Used to begin the search window at the values specified.
+ This parameter consists of the last values of the sorted fields in the current record set.
+ This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value.
+ For example, when searching for identities, if the last idenitity ID in the search result is 2c91808375d8e80a0175e1f88a575221, then using that ID in this property will start a new search after this identity.
+ type: array
+ items:
+ type: string
+ example: 2c91808375d8e80a0175e1f88a575221
+ filters:
+ description: The filters to be applied for each filtered field name.
+ type: object
+ additionalProperties:
+ type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ examples:
+ metricAggregation:
+ summary: MetricAggregation
+ value:
+ indices:
+ - aggregations
+ aggregationType: SAILPOINT
+ aggregations:
+ metric:
+ name: How Many Locations
+ type: UNIQUE_COUNT
+ field: attributes.city
+ metricAggregation-dsl:
+ summary: MetricAggregation using DSL
+ value:
+ indices:
+ - aggregations
+ aggregationType: DSL
+ aggregationsDsl:
+ How Many Locations:
+ cardinality:
+ field: attributes.city.exact
+ bucketAggregation:
+ summary: BucketAggregation
+ value:
+ indices:
+ - aggregations
+ aggregationType: SAILPOINT
+ aggregations:
+ bucket:
+ name: Identity Locations
+ type: TERMS
+ field: attributes.city
+ bucketAggregation-dsl:
+ summary: BucketAggregation using DSL
+ value:
+ indices:
+ - aggregations
+ aggregationType: DSL
+ aggregationsDsl:
+ Identity Locations:
+ terms:
+ field: attributes.city.exact
+ nestedAggregation-bucketAggregation:
+ summary: NestedAggregation with BucketAggregation
+ value:
+ indices:
+ - aggregations
+ aggregationType: SAILPOINT
+ aggregations:
+ nested:
+ name: Access
+ field: access
+ type: TERMS
+ bucket:
+ name: Access Source Name
+ type: TERMS
+ field: access.source.name
+ nestedAggregation-bucketAggregation-dsl:
+ summary: NestedAggregation with BucketAggregation using DSL
+ value:
+ indices:
+ - aggregations
+ aggregationType: DSL
+ aggregationsDsl:
+ access:
+ nested:
+ path: access
+ aggs:
+ Access Source Name:
+ terms:
+ field: access.source.name.exact
+ nestedAggregation-filterAggregation-bucketAggregation:
+ summary: NestedAggregation with FilterAggregation and BucketAggregation
+ value:
+ indices:
+ - aggregations
+ aggregationType: SAILPOINT
+ aggregations:
+ nested:
+ name: Access
+ field: access
+ type: TERMS
+ filter:
+ name: Entitlements
+ field: access.type
+ value: ENTITLEMENT
+ bucket:
+ name: Access Name
+ type: TERMS
+ field: access.name
+ nestedAggregation-filterAggregation-bucketAggregation-dsl:
+ summary: NestedAggregation with FilterAggregation and BucketAggregation using DSL
+ value:
+ indices:
+ - aggregations
+ aggregationType: DSL
+ aggregationsDsl:
+ access:
+ nested:
+ path: access
+ aggs:
+ Entitlements:
+ filter:
+ term:
+ access.type: ENTITLEMENT
+ aggs:
+ Access Name:
+ terms:
+ field: access.name.exact
+ bucketAggregation-subAggregation:
+ summary: BucketAggregation with SubAggregation
+ value:
+ indices:
+ - aggregations
+ aggregationType: SAILPOINT
+ aggregations:
+ bucket:
+ name: Identity Department
+ type: TERMS
+ field: attributes.department
+ subAggregation:
+ bucket:
+ name: Identity Locations
+ type: TERMS
+ field: attributes.city
+ bucketAggregation-subAggregation-dsl:
+ summary: BucketAggregation with SubAggregation using DSL
+ value:
+ indices:
+ - aggregations
+ aggregationType: DSL
+ aggregationsDsl:
+ Identity Department:
+ terms:
+ field: attributes.department.exact
+ aggs:
+ Identity Locations:
+ terms:
+ field: attributes.city.exact
+ required: true
+ responses:
+ '200':
+ description: Aggregation results.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ aggregations:
+ type: object
+ description: |
+ The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.
+
+ See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information.
+ example:
+ Identity Locations:
+ buckets:
+ - key: Austin
+ doc_count: 109
+ - key: London
+ doc_count: 64
+ - key: San Jose
+ doc_count: 27
+ - key: Brussels
+ doc_count: 26
+ - key: Sao Paulo
+ doc_count: 24
+ - key: Munich
+ doc_count: 23
+ - key: Singapore
+ doc_count: 22
+ - key: Tokyo
+ doc_count: 20
+ - key: Taipei
+ doc_count: 16
+ hits:
+ description: |
+ The results of the aggregation search query.
+ type: array
+ items:
+ discriminator:
+ propertyName: _type
+ mapping:
+ accessprofile: ../model/access/profile/AccessProfile.yaml
+ accountactivity: ../model/account/activity/AccountActivity.yaml
+ account: ../model/account/Account.yaml
+ aggregation: ../model/aggregation/Aggregation.yaml
+ entitlement: ../model/entitlement/Entitlement.yaml
+ event: ../model/event/Event.yaml
+ identity: ../model/identity/Identity.yaml
+ role: ../model/role/Role.yaml
+ oneOf:
+ - description: 'This is more of a complete representation of an access profile. '
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ entitlementCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: AccountActivity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ action:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ origin:
+ type: string
+ status:
+ type: string
+ requester:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ recipient:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ trackingNumber:
+ type: string
+ errors:
+ type: array
+ items:
+ type: string
+ warnings:
+ type: array
+ items:
+ type: string
+ approvals:
+ type: array
+ items:
+ type: object
+ properties:
+ comments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ commenter:
+ type: string
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: string
+ type:
+ type: string
+ originalRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ expansionItems:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ cause:
+ type: string
+ name:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ accountRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ provisioningTarget:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: object
+ properties:
+ errors:
+ type: array
+ items:
+ type: string
+ status:
+ type: string
+ ticketId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ sources:
+ type: array
+ items:
+ type: string
+ - description: Account
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ identity:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ access:
+ type: array
+ items:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ entitlementCount:
+ type: integer
+ uncorrelated:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Aggregation
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ status:
+ type: string
+ duration:
+ type: integer
+ avgDuration:
+ type: integer
+ changedAccounts:
+ type: integer
+ nextScheduled:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ startTime:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ sourceOwner:
+ type: string
+ - description: Entitlement
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ displayName:
+ type: string
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ identityCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Event
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ action:
+ type: string
+ type:
+ type: string
+ actor:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ target:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ stack:
+ type: string
+ trackingNumber:
+ type: string
+ ipAddress:
+ type: string
+ details:
+ type: string
+ attributes:
+ type: object
+ objects:
+ type: array
+ items:
+ type: string
+ operation:
+ type: string
+ status:
+ type: string
+ technicalName:
+ type: string
+ - description: Identity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ firstName:
+ type: string
+ lastName:
+ type: string
+ displayName:
+ type: string
+ email:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ phone:
+ type: string
+ inactive:
+ type: boolean
+ protected:
+ type: boolean
+ status:
+ type: string
+ employeeNumber:
+ type: string
+ manager:
+ nullable: true
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ isManager:
+ type: boolean
+ identityProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ processingState:
+ type: string
+ nullable: true
+ processingDetails:
+ nullable: true
+ type: object
+ properties:
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ retryCount:
+ type: integer
+ stackTrace:
+ type: string
+ message:
+ type: string
+ accounts:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ accountCount:
+ type: integer
+ apps:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ account:
+ type: object
+ properties:
+ id:
+ type: string
+ accountId:
+ type: string
+ appCount:
+ type: integer
+ access:
+ type: array
+ items:
+ discriminator:
+ propertyName: type
+ mapping:
+ ACCESS_PROFILE: ../access/AccessProfile.yaml
+ ENTITLEMENT: ../access/Entitlement.yaml
+ ROLE: ../access/Role.yaml
+ oneOf:
+ - description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ - description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ - description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ accessCount:
+ type: integer
+ accessProfileCount:
+ type: integer
+ entitlementCount:
+ type: integer
+ roleCount:
+ type: integer
+ owns:
+ type: object
+ properties:
+ sources:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ roles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ apps:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ governanceGroups:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ fallbackApprover:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Role
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfileCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ text/csv:
+ schema:
+ description: |
+ If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*,
+
+ the aggregation result will be returned as a CSV document.
+ type: string
+ example:
+ - 'Identity Locations,Count'
+ - 'Munich,23'
+ - 'Brussels,26'
+ - 'Singapore,22'
+ - 'Tokyo,20'
+ - 'Taipei,16'
+ - 'London,64'
+ - 'Austin,109'
+ - 'Sao Paulo,24'
+ - 'San Jose,27'
+ headers:
+ X-Total-Count:
+ description: The total result count (returned only if the *count* parameter is specified as *true*).
+ schema:
+ type: integer
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '/search/{index}/{id}':
+ get:
+ tags:
+ - Search
+ description: Fetches a single document from the specified index using the specified document ID.
+ operationId: searchGet
+ summary: Get a Document by ID
+ parameters:
+ - in: path
+ name: index
+ description: |
+ The index from which to fetch the specified document.
+
+ The currently supported index names are: *accessprofiles*, *accountactivities*, *accounts*, *aggregations*, *entitlements*, *events*, *identities*, and *roles*.
+ schema:
+ type: string
+ required: true
+ - in: path
+ name: id
+ description: ID of the requested document.
+ schema:
+ type: string
+ required: true
+ responses:
+ '200':
+ description: The requested document.
+ content:
+ application/json:
+ schema:
+ discriminator:
+ propertyName: _type
+ mapping:
+ accessprofile: ../model/access/profile/AccessProfile.yaml
+ accountactivity: ../model/account/activity/AccountActivity.yaml
+ account: ../model/account/Account.yaml
+ aggregation: ../model/aggregation/Aggregation.yaml
+ entitlement: ../model/entitlement/Entitlement.yaml
+ event: ../model/event/Event.yaml
+ identity: ../model/identity/Identity.yaml
+ role: ../model/role/Role.yaml
+ oneOf:
+ - description: 'This is more of a complete representation of an access profile. '
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ entitlementCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: AccountActivity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ action:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ origin:
+ type: string
+ status:
+ type: string
+ requester:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ recipient:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ trackingNumber:
+ type: string
+ errors:
+ type: array
+ items:
+ type: string
+ warnings:
+ type: array
+ items:
+ type: string
+ approvals:
+ type: array
+ items:
+ type: object
+ properties:
+ comments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ commenter:
+ type: string
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: string
+ type:
+ type: string
+ originalRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ expansionItems:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ cause:
+ type: string
+ name:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ accountRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ provisioningTarget:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: object
+ properties:
+ errors:
+ type: array
+ items:
+ type: string
+ status:
+ type: string
+ ticketId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ sources:
+ type: array
+ items:
+ type: string
+ - description: Account
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ identity:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ access:
+ type: array
+ items:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ entitlementCount:
+ type: integer
+ uncorrelated:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Aggregation
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ status:
+ type: string
+ duration:
+ type: integer
+ avgDuration:
+ type: integer
+ changedAccounts:
+ type: integer
+ nextScheduled:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ startTime:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ sourceOwner:
+ type: string
+ - description: Entitlement
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ displayName:
+ type: string
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ identityCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Event
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ action:
+ type: string
+ type:
+ type: string
+ actor:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ target:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ stack:
+ type: string
+ trackingNumber:
+ type: string
+ ipAddress:
+ type: string
+ details:
+ type: string
+ attributes:
+ type: object
+ objects:
+ type: array
+ items:
+ type: string
+ operation:
+ type: string
+ status:
+ type: string
+ technicalName:
+ type: string
+ - description: Identity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ firstName:
+ type: string
+ lastName:
+ type: string
+ displayName:
+ type: string
+ email:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ phone:
+ type: string
+ inactive:
+ type: boolean
+ protected:
+ type: boolean
+ status:
+ type: string
+ employeeNumber:
+ type: string
+ manager:
+ nullable: true
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ isManager:
+ type: boolean
+ identityProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ processingState:
+ type: string
+ nullable: true
+ processingDetails:
+ nullable: true
+ type: object
+ properties:
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ retryCount:
+ type: integer
+ stackTrace:
+ type: string
+ message:
+ type: string
+ accounts:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ accountCount:
+ type: integer
+ apps:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ account:
+ type: object
+ properties:
+ id:
+ type: string
+ accountId:
+ type: string
+ appCount:
+ type: integer
+ access:
+ type: array
+ items:
+ discriminator:
+ propertyName: type
+ mapping:
+ ACCESS_PROFILE: ../access/AccessProfile.yaml
+ ENTITLEMENT: ../access/Entitlement.yaml
+ ROLE: ../access/Role.yaml
+ oneOf:
+ - description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ - description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ - description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ accessCount:
+ type: integer
+ accessProfileCount:
+ type: integer
+ entitlementCount:
+ type: integer
+ roleCount:
+ type: integer
+ owns:
+ type: object
+ properties:
+ sources:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ roles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ apps:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ governanceGroups:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ fallbackApprover:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Role
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfileCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ examples:
+ accessProfile:
+ summary: AccessProfile
+ value:
+ id: 2c9180825a6c1adc015a71c9023f0818
+ name: Cloud Eng
+ _type: accessprofile
+ description: Cloud Eng
+ created: '2017-02-24T20:21:23.145Z'
+ modified: '2019-05-24T20:36:04.312Z'
+ synced: '2020-02-18T05:30:20.414Z'
+ enabled: true
+ requestable: true
+ requestCommentsRequired: false
+ owner:
+ id: ff8081815757d36a015757d42e56031e
+ name: SailPoint Support
+ type: IDENTITY
+ email: cloud-support@sailpoint.com
+ source:
+ id: ff8081815757d4fb0157588f3d9d008f
+ name: Employees
+ entitlements:
+ - id: 2c918084575812550157589064f33b89
+ name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
+ description: mull
+ attribute: memberOf
+ value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM'
+ entitlementCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ entitlement:
+ summary: Entitlement
+ value:
+ id: 2c9180946ed0c43d016eec1a80892fbd
+ name: entitlement.aa415ae7
+ _type: entitlement
+ description: 'null'
+ attribute: groups
+ value: entitlement.aa415ae7
+ modified: '2019-12-09T19:19:50.154Z'
+ synced: '2020-02-19T04:30:32.906Z'
+ displayName: entitlement.aa415ae7
+ source:
+ id: 2c91808b6e9e6fb8016eec1a2b6f7b5f
+ name: ODS-HR-Employees
+ privileged: false
+ identityCount: 68
+ tags:
+ - TAG_1
+ - TAG_2
+ event:
+ summary: Event
+ value:
+ id: e092842f-c904-4b59-aac8-2544abeeef4b
+ name: Update Task Schedule Passed
+ _type: event
+ created: '2020-02-17T16:23:18.327Z'
+ synced: '2020-02-17T16:23:18.388Z'
+ action: TASK_SCHEDULE_UPDATE_PASSED
+ type: SYSTEM_CONFIG
+ actor:
+ name: MantisTaskScheduler
+ target:
+ name: Perform provisioning activity search delete synchronization
+ stack: tpe
+ trackingNumber: c6b98bc39ece48b080826d16c76b166c
+ ipAddress: 207.189.160.158
+ details: 'null'
+ attributes:
+ sourceName: SailPoint
+ objects:
+ - TASK
+ - SCHEDULE
+ operation: UPDATE
+ status: PASSED
+ technicalName: TASK_SCHEDULE_UPDATE_PASSED
+ identity:
+ summary: Identity
+ value:
+ id: 2c9180865c45e7e3015c46c434a80622
+ name: ad.admin
+ _type: identity
+ firstName: AD
+ lastName: Admin
+ displayName: AD Admin
+ email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
+ created: '2018-08-22T19:54:54.302Z'
+ modified: '2018-08-22T19:54:54.302Z'
+ synced: '2018-08-22T19:54:54.302Z'
+ phone: 512-942-7578
+ inactive: false
+ protected: false
+ status: UNREGISTERED
+ employeeNumber: O349804
+ manager: null
+ isManager: false
+ identityProfile:
+ id: 2c918085605c8d0601606f357cb231e6
+ name: E2E AD
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ attributes:
+ uid: ad.admin
+ firstname: AD
+ cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202
+ cloudStatus: UNREGISTERED
+ iplanet-am-user-alias-list: null
+ displayName: AD Admin
+ internalCloudStatus: UNREGISTERED
+ workPhone: 512-942-7578
+ email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM
+ lastname: Admin
+ processingState: null
+ processingDetails: null
+ accounts:
+ - id: 2c9180865c45e7e3015c46c434a80623
+ name: ad.admin
+ accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local'
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ type: Active Directory - Direct
+ disabled: false
+ locked: false
+ privileged: false
+ manuallyCorrelated: false
+ passwordLastSet: '2018-08-22T19:54:54.302Z'
+ entitlementAttributes:
+ memberOf:
+ - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local'
+ - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local'
+ - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
+ created: '2018-08-22T19:54:54.302Z'
+ - id: 2c918083606d670c01606f35a30a0349
+ name: ad.admin
+ accountId: ad.admin
+ source:
+ id: ff8081815c46b85b015c46b90c7c02a6
+ name: IdentityNow
+ type: IdentityNowConnector
+ disabled: false
+ locked: false
+ privileged: false
+ manuallyCorrelated: false
+ passwordLastSet: null
+ entitlementAttributes: null
+ created: '2018-08-22T19:54:54.302Z'
+ accountCount: 2
+ apps:
+ - id: '22751'
+ name: ADP Workforce Now
+ source:
+ id: 2c9180855c45b230015c46e2f6a8026a
+ name: Corporate Active Directory
+ account:
+ id: 2c9180865c45efa4015c470be0de1606
+ accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
+ appCount: 1
+ access:
+ - id: 2c918083634bc6cb01639808d40270ba
+ name: 'test [AccessProfile-1527264105448]'
+ displayName: test
+ type: ACCESS_PROFILE
+ description: test
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ owner:
+ id: 2c9180865c45e7e3015c46c434a80622
+ name: ad.admin
+ displayName: AD Admin
+ - id: 2c9180865c45e7e3015c46c457c50755
+ name: Administrators
+ displayName: Administrators
+ type: ENTITLEMENT
+ description: null
+ source:
+ id: 2c9180855c45b230015c46c19b9c0202
+ name: EndToEnd-ADSource
+ privileged: false
+ attribute: memberOf
+ value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local'
+ standalone: false
+ - id: 2c9180865decdaa5015e06598b293108
+ name: 'test [cloudRole-1503345085223]'
+ displayName: test
+ type: ROLE
+ description: test
+ owner:
+ id: 2c9180865c45e7e3015c46c5030707a0
+ name: will.albin
+ displayName: Albin Will
+ disabled: false
+ accessCount: 3
+ accessProfileCount: 1
+ entitlementCount: 1
+ roleCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ role:
+ summary: Role
+ value:
+ id: 2c91808c6faadea6016fb4f2bc69077b
+ name: IT Role
+ _type: role
+ description: IT role
+ created: '2020-01-17T19:20:15.040Z'
+ modified: null
+ synced: '2020-02-18T05:30:20.145Z'
+ enabled: true
+ requestable: false
+ requestCommentsRequired: false
+ owner:
+ id: 2c9180a46faadee4016fb4e018c20639
+ name: Cloud Support
+ type: IDENTITY
+ email: thomas.edison@acme-solar.com
+ accessProfiles:
+ - id: 2c91809c6faade77016fb4f0b63407ae
+ name: Admin Access
+ accessProfileCount: 1
+ tags:
+ - TAG_1
+ - TAG_2
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ /service-desk-integrations:
+ get:
+ tags:
+ - Service Desk Integration
+ summary: List existing Service Desk Integrations
+ description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: getServiceDeskIntegrationList
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - name: sorters
+ in: query
+ required: false
+ style: form
+ explode: true
+ schema:
+ type: string
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **name**
+ - name: filters
+ in: query
+ required: false
+ style: form
+ explode: true
+ schema:
+ type: string
+ format: comma-separated
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **name**: *eq*
+
+ **type**: *eq, in*
+
+ **cluster**: *eq, in*
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ responses:
+ '200':
+ description: List of ServiceDeskIntegrationDto
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:read'
+ - 'idn:service-desk-integration:read'
+ post:
+ tags:
+ - Service Desk Integration
+ summary: Create a new Service Desk integration
+ description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: createServiceDeskIntegration
+ requestBody:
+ description: The specifics of a new integration to create
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ required: true
+ responses:
+ '200':
+ description: details of the created integration
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:write'
+ - 'idn:service-desk-integration:write'
+ '/service-desk-integrations/{id}':
+ get:
+ tags:
+ - Service Desk Integration
+ summary: Get a Service Desk integration by ID
+ description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: getServiceDeskIntegration
+ parameters:
+ - name: id
+ in: path
+ description: ID of the Service Desk integration to get
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ example: anId
+ responses:
+ '200':
+ description: ServiceDeskIntegrationDto with the given ID
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:read'
+ - 'idn:service-desk-integration:read'
+ put:
+ tags:
+ - Service Desk Integration
+ summary: Update a Service Desk integration by ID
+ description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: updateServiceDeskIntegration
+ parameters:
+ - name: id
+ in: path
+ description: ID of the Service Desk integration to update
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ example: anId
+ requestBody:
+ description: The specifics of the integration to update
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ required: true
+ responses:
+ '200':
+ description: ServiceDeskIntegrationDto as updated
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:write'
+ - 'idn:service-desk-integration:write'
+ delete:
+ tags:
+ - Service Desk Integration
+ summary: Delete a Service Desk integration by ID
+ description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: deleteServiceDeskIntegration
+ parameters:
+ - name: id
+ in: path
+ description: ID of Service Desk integration to delete
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ example: anId
+ responses:
+ '204':
+ description: Service Desk integration with the given ID successfully deleted
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:write'
+ - 'idn:service-desk-integration:write'
+ patch:
+ operationId: patchServiceDeskIntegration
+ tags:
+ - Service Desk Integration
+ summary: Service Desk Integration Update - PATCH
+ description: Update an existing ServiceDeskIntegration by ID with a PATCH request.
+ parameters:
+ - name: id
+ in: path
+ description: ID of the Service Desk integration to update
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ example: anId
+ requestBody:
+ required: true
+ description: |
+ A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ PATCH can only be applied to the following fields:
+ * "beforeProvisioningRule"
+
+ A 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed.
+ content:
+ application/json-patch+json:
+ schema:
+ type: object
+ description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ properties:
+ operations:
+ description: Operations to be applied
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ example: "[\n {\n\t \"op\": \"replace\",\n\t \"path\": \"/description\",\n\t \"value\": \"A new description\"\n }\n]"
+ responses:
+ '200':
+ description: ServiceDeskIntegrationDto as updated
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:write'
+ - 'idn:service-desk-integration:write'
+ /service-desk-integrations/types:
+ get:
+ tags:
+ - Service Desk Integration
+ summary: Service Desk Integration Types List.
+ description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: getServiceDeskIntegrationTypes
+ responses:
+ '200':
+ description: Responds with an array of the currently supported Service Desk integration types.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ description: This represents a Service Desk Integration template type.
+ required:
+ - type
+ - scriptName
+ type: object
+ properties:
+ name:
+ description: This is the name of the type.
+ example: aName
+ type: string
+ type:
+ description: This is the type value for the type.
+ example: aType
+ type: string
+ scriptName:
+ description: This is the scriptName attribute value for the type.
+ example: aScriptName
+ type: string
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:read'
+ - 'idn:service-desk-integration:read'
+ '/service-desk-integrations/templates/{scriptName}':
+ get:
+ tags:
+ - Service Desk Integration
+ summary: Service Desk integration template by scriptName.
+ description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: getServiceDeskIntegrationTemplate
+ parameters:
+ - name: scriptName
+ in: path
+ description: The scriptName value of the Service Desk integration template to get
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ example: aScriptName
+ responses:
+ '200':
+ description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.
+ content:
+ application/json:
+ schema:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
+ required:
+ - type
+ - attributes
+ - provisioningConfig
+ properties:
+ type:
+ description: The 'type' property specifies the type of the Service Desk integration template.
+ type: string
+ example: Web Service SDIM
+ default: Web Service SDIM
+ attributes:
+ description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
+ type: object
+ additionalProperties: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:read'
+ - 'idn:service-desk-integration:read'
+ /service-desk-integrations/status-check-configuration:
+ get:
+ tags:
+ - Service Desk Integration
+ summary: Get the time check configuration of queued SDIM tickets
+ description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: getStatusCheckDetails
+ responses:
+ '200':
+ description: QueuedCheckConfigDetails containing the configured values
+ content:
+ application/json:
+ schema:
+ description: Configuration of maximum number days and interval for checking Service Desk integration queue status
+ required:
+ - provisioningStatusCheckIntervalMinutes
+ - provisioningMaxStatusCheckDays
+ type: object
+ properties:
+ provisioningStatusCheckIntervalMinutes:
+ description: interval in minutes between status checks
+ type: string
+ example: 30
+ provisioningMaxStatusCheckDays:
+ description: maximum number of days to check
+ type: string
+ example: 2
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:read'
+ - 'idn:service-desk-integration:read'
+ put:
+ tags:
+ - Service Desk Integration
+ summary: Update the time check configuration of queued SDIM tickets
+ description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint.
+ operationId: updateStatusCheckDetails
+ requestBody:
+ description: the modified time check configuration
+ content:
+ application/json:
+ schema:
+ description: Configuration of maximum number days and interval for checking Service Desk integration queue status
+ required:
+ - provisioningStatusCheckIntervalMinutes
+ - provisioningMaxStatusCheckDays
+ type: object
+ properties:
+ provisioningStatusCheckIntervalMinutes:
+ description: interval in minutes between status checks
+ type: string
+ example: 30
+ provisioningMaxStatusCheckDays:
+ description: maximum number of days to check
+ type: string
+ example: 2
+ required: true
+ responses:
+ '200':
+ description: QueuedCheckConfigDetails as updated
+ content:
+ application/json:
+ schema:
+ description: Configuration of maximum number days and interval for checking Service Desk integration queue status
+ required:
+ - provisioningStatusCheckIntervalMinutes
+ - provisioningMaxStatusCheckDays
+ type: object
+ properties:
+ provisioningStatusCheckIntervalMinutes:
+ description: interval in minutes between status checks
+ type: string
+ example: 30
+ provisioningMaxStatusCheckDays:
+ description: maximum number of days to check
+ type: string
+ example: 2
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:service-desk-admin:write'
+ - 'idn:service-desk-integration:write'
+ /query-password-info:
+ post:
+ operationId: queryPasswordInfo
+ tags:
+ - Password Management
+ summary: Query Password Info
+ description: This API is used to query password related information. A token with API authority is required to call this API.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ userName:
+ type: string
+ description: The login name of the user
+ example: Abby.Smith
+ sourceName:
+ type: string
+ description: The display name of the source
+ example: My-AD
+ responses:
+ '200':
+ description: Reference to the password info.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ identityId:
+ type: string
+ description: Identity ID
+ example: 2c918085744fec4301746f9a5bce4605
+ sourceId:
+ type: string
+ description: source ID
+ example: 2c918083746f642c01746f990884012a
+ publicKeyId:
+ type: string
+ description: public key ID
+ example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh
+ publicKey:
+ type: string
+ description: User's public key with Base64 encoding
+ example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB
+ accounts:
+ type: array
+ description: Account info related to queried identity and source
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
+ example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
+ accountName:
+ type: string
+ description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008'
+ example: Abby.Smith
+ policies:
+ type: array
+ description: Password constraints
+ items:
+ type: string
+ example:
+ - passwordRepeatedChar is 3
+ - passwordMinAlpha is 1
+ - passwordMinLength is 5
+ - passwordMinNumeric is 1
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /set-password:
+ post:
+ operationId: setPassword
+ tags:
+ - Password Management
+ summary: Set Identity's Password
+ description: This API is used to set a password for an identity. The password can only be set by the actual identity owner or by a trusted API client application.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ identityId:
+ type: string
+ description: The identity ID that requested the password change
+ example: 8a807d4c73c545510173c545f0a002ff
+ encryptedPassword:
+ type: string
+ description: The RSA encrypted password
+ example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==
+ publicKeyId:
+ type: string
+ description: The encryption key ID
+ example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2
+ accountId:
+ type: string
+ description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350'
+ example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com'
+ sourceId:
+ type: string
+ description: The ID of the source for which identity is requesting the password change
+ example: 8a807d4c73c545510173c545d4b60246
+ responses:
+ '202':
+ description: Reference to the password change.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ requestId:
+ type: string
+ nullable: true
+ description: The password change request ID
+ example: 089899f13a8f4da7824996191587bab9
+ state:
+ type: string
+ enum:
+ - IN_PROGRESS
+ - FINISHED
+ - FAILED
+ description: Password change state
+ example: IN_PROGRESS
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/password-change-status/{id}':
+ get:
+ operationId: getPasswordChangeStatus
+ tags:
+ - Password Management
+ summary: Get Password Change Request Status
+ description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ example: 089899f13a8f4da7824996191587bab9
+ description: Password change request ID
+ responses:
+ '200':
+ description: Status of the password change request
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ requestId:
+ type: string
+ nullable: true
+ description: The password change request ID
+ example: 089899f13a8f4da7824996191587bab9
+ state:
+ type: string
+ enum:
+ - IN_PROGRESS
+ - FINISHED
+ - FAILED
+ description: Password change state
+ example: IN_PROGRESS
+ errors:
+ type: array
+ items:
+ type: string
+ description: The errors during the password change request
+ example:
+ - The password change payload is invalid
+ sourceIds:
+ type: array
+ items:
+ type: string
+ description: List of source IDs in the password change request
+ example:
+ - 2c918083746f642c01746f990884012a
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /sources:
+ get:
+ operationId: listSources
+ tags:
+ - Sources
+ summary: Lists all sources in IdentityNow.
+ description: |-
+ This end-point lists all the sources in IdentityNow.
+ A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API.
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Note that for this API the maximum value for limit is 50.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 50
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 50
+ default: 50
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: filters
+ schema:
+ type: string
+ example: name eq "#Employees"
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+
+ Filtering is supported for the following fields and operators:
+
+ **id**: *eq, in*
+
+ **name**: *co, eq, in, sw*
+
+ **type**: *eq, in*
+
+ **owner.id**: *eq, in*
+
+ **features**: *ca, co*
+
+ **created**: *eq*
+
+ **modified**: *eq*
+
+ **managementWorkgroup.id**: *eq*
+
+ **description**: *eq*
+
+ **authoritative**: *eq*
+
+ **healthy**: *eq*
+
+ **status**: *eq, in*
+
+ **connectionType**: *eq*
+
+ **connectorName**: *eq*
+ - in: query
+ name: sorters
+ schema:
+ type: string
+ format: comma-separated
+ example: name
+ description: |-
+ Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+
+ Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**
+ - in: query
+ name: for-subadmin
+ schema:
+ type: string
+ example: name
+ description: |-
+ Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.
+ Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.
+ responses:
+ '200':
+ description: List of Source objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createSource
+ tags:
+ - Sources
+ summary: Creates a source in IdentityNow.
+ description: |-
+ This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.
+ A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ parameters:
+ - in: query
+ name: provisionAsCsv
+ description: Configures the source as a DelimitedFile type of source.
+ schema:
+ type: boolean
+ required: false
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ responses:
+ '201':
+ description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{id}':
+ get:
+ operationId: getSource
+ tags:
+ - Sources
+ summary: Get Source by ID
+ description: |-
+ This end-point gets a specific source in IdentityNow.
+ A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '200':
+ description: A Source object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: replaceSource
+ tags:
+ - Sources
+ summary: Update Source (Full)
+ description: |
+ This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source
+ configuration is completely replaced.
+
+ Some fields are immutable and cannot be changed, such as:
+
+ * id
+ * type
+ * authoritative
+ * connector
+ * connectorClass
+ * passwordPolicies
+
+ Attempts to modify these fields will result in a 400 error.
+
+ A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ responses:
+ '200':
+ description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: updateSource
+ tags:
+ - Sources
+ summary: Update Source (Partial)
+ description: |
+ This API partially updates a source in IdentityNow, using a list of patch operations according to the
+ [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ Some fields are immutable and cannot be changed, such as:
+
+ * id
+ * type
+ * authoritative
+ * created
+ * modified
+ * connector
+ * connectorClass
+ * passwordPolicies
+
+ Attempts to modify these fields will result in a 400 error.
+
+ A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.'
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ examples:
+ Edit the source description:
+ description: This example shows how to edit a source description.
+ value:
+ - op: replace
+ path: /description
+ value: new description
+ Edit the source cluster:
+ description: This example shows how to edit a source cluster by id.
+ value:
+ - op: replace
+ path: /cluster/id
+ value: 2c918087813a902001813f3f85736b45
+ Edit source features:
+ description: This example illustrates how you can update source supported features
+ value:
+ - op: replace
+ path: /features
+ value:
+ - PASSWORD
+ - PROVISIONING
+ - ENABLE
+ - AUTHENTICATE
+ Change a source description and cluster in One Call:
+ description: This example shows how multiple fields may be updated with a single patch call.
+ value:
+ - op: replace
+ path: /description
+ value: new description
+ - op: replace
+ path: /cluster/id
+ value: 2c918087813a902001813f3f85736b45
+ Add a filter string to the connector:
+ description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an "m" or "d" in the id will be aggregated.'
+ value:
+ - op: add
+ path: /connectorAttributes/filterString
+ value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )'
+ Update connector attribute for specific operation type:
+ description: This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the "test" entitlement type
+ value:
+ - op: replace
+ path: /connectorAttributes/connectionParameters/2/operationType
+ value: Group Aggregation-test
+ responses:
+ '200':
+ description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteSource
+ tags:
+ - Sources
+ summary: Delete Source by ID
+ description: |-
+ This end-point deletes a specific source in IdentityNow.
+ A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ All of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}`
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '202':
+ description: Accepted - Returned if the request was successfully accepted into the system.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ examples:
+ deleteSource:
+ summary: Response returned when deleting a source
+ value:
+ type: TASK_RESULT
+ id: 2c91808779ecf55b0179f720942f181a
+ name: null
+ links:
+ GetTaskStatusById:
+ operationId: getTaskStatus
+ parameters:
+ id: $response.body#/id
+ description: |
+ The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/provisioning-policies':
+ get:
+ operationId: listProvisioningPolicies
+ tags:
+ - Sources
+ summary: Lists ProvisioningPolicies
+ description: |-
+ This end-point lists all the ProvisioningPolicies in IdentityNow.
+ A token with API, or ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy-list:read'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '200':
+ description: List of ProvisioningPolicyDto objects
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createProvisioningPolicy
+ tags:
+ - Sources
+ summary: Create Provisioning Policy
+ description: |-
+ This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy:create'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ examples:
+ Create Account Provisioning Policy:
+ value:
+ name: Account
+ description: Account Provisioning Policy
+ usageType: CREATE
+ fields:
+ - name: displayName
+ transform:
+ type: identityAttribute
+ attributes:
+ name: displayName
+ attributes: {}
+ isRequired: false
+ type: string
+ isMultiValued: false
+ - name: distinguishedName
+ transform:
+ type: usernameGenerator
+ attributes:
+ sourceCheck: true
+ patterns:
+ - 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
+ - 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
+ - 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
+ - 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com'
+ fn:
+ type: identityAttribute
+ attributes:
+ name: firstname
+ ln:
+ type: identityAttribute
+ attributes:
+ name: lastname
+ fi:
+ type: substring
+ attributes:
+ input:
+ type: identityAttribute
+ attributes:
+ name: firstname
+ begin: 0
+ end: 1
+ fti:
+ type: substring
+ attributes:
+ input:
+ type: identityAttribute
+ attributes:
+ name: firstname
+ begin: 0
+ end: 2
+ attributes:
+ cloudMaxUniqueChecks: '5'
+ cloudMaxSize: '100'
+ cloudRequired: 'true'
+ isRequired: false
+ type: ''
+ isMultiValued: false
+ - name: description
+ transform:
+ type: static
+ attributes:
+ value: ''
+ attributes: {}
+ isRequired: false
+ type: string
+ isMultiValued: false
+ responses:
+ '201':
+ description: Created ProvisioningPolicyDto object
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/provisioning-policies/{usageType}':
+ get:
+ operationId: getProvisioningPolicy
+ tags:
+ - Sources
+ summary: Get Provisioning Policy by UsageType
+ description: |-
+ This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.
+ A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy:read'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source ID.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: usageType
+ required: true
+ schema:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ description: The type of ProvisioningPolicy usage.
+ example: REGISTER
+ responses:
+ '200':
+ description: The requested ProvisioningPolicyDto was successfully retrieved.
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: replaceProvisioningPolicy
+ tags:
+ - Sources
+ summary: Update Provisioning Policy by UsageType
+ description: |-
+ This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.
+ A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy:update'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source ID.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: usageType
+ required: true
+ schema:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ description: The type of ProvisioningPolicy usage.
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ responses:
+ '200':
+ description: The ProvisioningPolicyDto was successfully replaced.
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: updateProvisioningPolicy
+ tags:
+ - Sources
+ summary: Partial update of Provisioning Policy
+ description: |-
+ This API selectively updates an existing Provisioning Policy using a JSONPatch payload.
+ A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy:update'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: usageType
+ required: true
+ schema:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ description: The type of ProvisioningPolicy usage.
+ requestBody:
+ required: true
+ description: The JSONPatch payload used to update the schema.
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ examples:
+ add-field:
+ summary: Add a field to the beginning of the list
+ value:
+ - op: add
+ path: /fields/0
+ value:
+ name: email
+ transform:
+ type: identityAttribute
+ attributes:
+ name: email
+ attributes: {}
+ isRequired: false
+ type: string
+ isMultiValued: false
+ responses:
+ '200':
+ description: The ProvisioningPolicyDto was successfully updated.
+ content:
+ application/json:
+ schema:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteProvisioningPolicy
+ tags:
+ - Sources
+ summary: Delete Provisioning Policy by UsageType
+ description: |-
+ Deletes the provisioning policy with the specified usage on an application.
+ A token with API, or ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy:delete'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source ID.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: usageType
+ required: true
+ schema:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ description: The type of ProvisioningPolicy usage.
+ responses:
+ '204':
+ description: The ProvisioningPolicyDto was successfully deleted.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/provisioning-policies/bulk-update':
+ post:
+ operationId: bulkUpdateProvisioningPolicies
+ tags:
+ - Sources
+ summary: Bulk Update Provisioning Policies
+ description: |-
+ This end-point updates a list of provisioning policies on the specified source in IdentityNow.
+ A token with API, or ORG_ADMIN authority is required to call this API.
+ security:
+ - oauth2:
+ - 'idn:provisioning-policy-bulk:update'
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ responses:
+ '200':
+ description: A list of the ProvisioningPolicyDto was successfully replaced.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/schemas':
+ get:
+ operationId: listSchemas
+ tags:
+ - Sources
+ summary: List Schemas on a Source
+ description: |
+ Lists the Schemas that exist on the specified Source in IdentityNow.
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source ID.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: query
+ name: include-types
+ required: false
+ schema:
+ type: string
+ description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.'
+ example: group
+ responses:
+ '200':
+ description: The Schemas were successfully retrieved.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: createSchema
+ tags:
+ - Sources
+ summary: Create Schema on a Source
+ description: |
+ Creates a new Schema on the specified Source in IdentityNow.
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ responses:
+ '201':
+ description: The Schema was successfully created on the specified Source.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/schemas/{schemaId}':
+ get:
+ operationId: getSchema
+ tags:
+ - Sources
+ summary: Get Source Schema by ID
+ description: |
+ Get the Source Schema by ID in IdentityNow.
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: schemaId
+ schema:
+ type: string
+ required: true
+ description: The Schema id.
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '200':
+ description: The requested Schema was successfully retrieved.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ put:
+ operationId: replaceSchema
+ tags:
+ - Sources
+ summary: Update Source Schema (Full)
+ description: |
+ This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.
+
+ * id
+ * name
+ * created
+ * modified
+
+ Any attempt to modify these fields will result in an error response with a status code of 400.
+
+ > `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error.
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: schemaId
+ schema:
+ type: string
+ required: true
+ description: The Schema id.
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ responses:
+ '200':
+ description: The Schema was successfully replaced.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ patch:
+ operationId: updateSchema
+ tags:
+ - Sources
+ summary: Update Source Schema (Partial)
+ description: |-
+ This API can be used to selectively update an existing Schema using a JSONPatch payload. Some fields of the Schema cannot be updated. These fields are listed below.
+ * id
+ * name
+ * created
+ * modified
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: schemaId
+ schema:
+ type: string
+ required: true
+ description: The Schema id.
+ example: 2c9180835d191a86015d28455b4a2329
+ requestBody:
+ required: true
+ description: The JSONPatch payload used to update the schema.
+ content:
+ application/json-patch+json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)'
+ required:
+ - op
+ - path
+ properties:
+ op:
+ type: string
+ description: The operation to be performed
+ enum:
+ - add
+ - remove
+ - replace
+ - move
+ - copy
+ - test
+ example: replace
+ path:
+ type: string
+ description: A string JSON Pointer representing the target path to an element to be affected by the operation
+ example: /description
+ value:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ - type: array
+ items:
+ anyOf:
+ - type: string
+ - type: integer
+ - type: object
+ description: 'The value to be used for the operation, required for "add" and "replace" operations'
+ example: New description
+ examples:
+ add-attribute:
+ summary: Add an attribute to the end of the list
+ value:
+ - op: add
+ path: /attributes/-
+ value:
+ name: location
+ type: STRING
+ schema: null
+ description: Employee location
+ isMulti: false
+ isEntitlement: false
+ isGroup: false
+ responses:
+ '200':
+ description: The Schema was successfully updated.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ delete:
+ operationId: deleteSchema
+ tags:
+ - Sources
+ summary: Delete Source Schema by ID
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ - in: path
+ name: schemaId
+ schema:
+ type: string
+ required: true
+ description: The Schema id.
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '204':
+ description: The Schema was successfully deleted.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{sourceId}/source-health':
+ get:
+ operationId: getSourceHealth
+ tags:
+ - Sources
+ summary: This API fetches source health by source's id
+ description: This endpoint fetches source health by source's id
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ responses:
+ '200':
+ description: Fetched source health successfully
+ content:
+ application/json:
+ schema:
+ type: object
+ description: Dto for source health data
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ name:
+ type: string
+ description: the name of the source
+ example: Source1234
+ org:
+ type: string
+ description: source's org
+ example: denali-cjh
+ isAuthoritative:
+ type: boolean
+ isCluster:
+ type: boolean
+ hostname:
+ type: string
+ example: megapod-useast1-secret-hostname.sailpoint.com
+ pod:
+ type: string
+ description: source's pod
+ example: megapod-useast1
+ iqServiceVersion:
+ type: string
+ example: iqVersion123
+ status:
+ type: string
+ enum:
+ - SOURCE_STATE_ERROR_CLUSTER
+ - SOURCE_STATE_ERROR_SOURCE
+ - SOURCE_STATE_ERROR_VA
+ - SOURCE_STATE_FAILURE_CLUSTER
+ - SOURCE_STATE_FAILURE_SOURCE
+ - SOURCE_STATE_HEALTHY
+ - SOURCE_STATE_UNCHECKED_CLUSTER
+ - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
+ - SOURCE_STATE_UNCHECKED_SOURCE
+ - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
+ description: connection test result
+ example: SOURCE_STATE_UNCHECKED_SOURCE
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/sources/{id}/schemas/accounts':
+ get:
+ tags:
+ - Sources
+ summary: Downloads source accounts schema template
+ description: |-
+ This API downloads the CSV schema that defines the account attributes on a source.
+ >**NOTE: This API is designated only for Delimited File sources.**
+ operationId: downloadSourceAccountsSchema
+ parameters:
+ - in: path
+ name: id
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 8c190e6787aa4ed9a90bd9d5344523fb
+ responses:
+ '200':
+ description: Successfully downloaded the file
+ content:
+ text/csv:
+ example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:source-schema:read'
+ post:
+ tags:
+ - Sources
+ summary: Uploads source accounts schema template
+ description: |-
+ This API uploads a source schema template file to configure a source's account attributes.
+
+ To retrieve the file to modify and upload, log into Identity Now.
+
+ Click **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema**
+
+ >**NOTE: This API is designated only for Delimited File sources.**
+ operationId: uploadSourceAccountsSchema
+ parameters:
+ - in: path
+ name: id
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 8c190e6787aa4ed9a90bd9d5344523fb
+ requestBody:
+ required: true
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ file:
+ type: string
+ format: binary
+ responses:
+ '200':
+ description: Successfully uploaded the file
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:source-schema:update'
+ '/sources/{id}/schemas/entitlements':
+ get:
+ tags:
+ - Sources
+ summary: Downloads source entitlements schema template
+ description: |-
+ This API downloads the CSV schema that defines the entitlement attributes on a source.
+
+ >**NOTE: This API is designated only for Delimited File sources.**
+ operationId: downloadSourceEntitlementsSchema
+ parameters:
+ - in: path
+ name: id
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 8c190e6787aa4ed9a90bd9d5344523fb
+ - in: query
+ name: schemaName
+ schema:
+ type: string
+ description: Name of entitlement schema
+ example: '?schemaName=group'
+ responses:
+ '200':
+ description: Successfully downloaded the file
+ content:
+ text/csv:
+ example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:source-schema:read'
+ post:
+ tags:
+ - Sources
+ summary: Uploads source entitlements schema template
+ description: |-
+ This API uploads a source schema template file to configure a source's entitlement attributes.
+
+ To retrieve the file to modify and upload, log into Identity Now.
+
+ Click **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Import Entitlements** -> **Download**
+
+ >**NOTE: This API is designated only for Delimited File sources.**
+ operationId: uploadSourceEntitlementsSchema
+ parameters:
+ - in: path
+ name: id
+ required: true
+ schema:
+ type: string
+ description: The Source id
+ example: 8c190e6787aa4ed9a90bd9d5344523fb
+ - in: query
+ name: schemaName
+ schema:
+ type: string
+ description: Name of entitlement schema
+ example: '?schemaName=group'
+ requestBody:
+ required: true
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ file:
+ type: string
+ format: binary
+ responses:
+ '200':
+ description: Successfully uploaded the file
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the Schema.
+ example: 2c9180835d191a86015d28455b4a2329
+ name:
+ type: string
+ description: The name of the Schema.
+ example: account
+ nativeObjectType:
+ type: string
+ description: The name of the object type on the native system that the schema represents.
+ example: User
+ identityAttribute:
+ type: string
+ description: The name of the attribute used to calculate the unique identifier for an object in the schema.
+ example: sAMAccountName
+ displayAttribute:
+ type: string
+ description: The name of the attribute used to calculate the display value for an object in the schema.
+ example: distinguishedName
+ hierarchyAttribute:
+ type: string
+ description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas.
+ example: memberOf
+ includePermissions:
+ type: boolean
+ description: Flag indicating whether or not the include permissions with the object data when aggregating the schema.
+ example: false
+ features:
+ type: array
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ description: The features that the schema supports.
+ example:
+ - PROVISIONING
+ - NO_PERMISSIONS_PROVISIONING
+ - GROUPS_HAVE_MEMBERS
+ configuration:
+ type: object
+ description: Holds any extra configuration data that the schema may require.
+ example:
+ groupMemberAttribute: member
+ attributes:
+ type: array
+ description: The attribute definitions which form the schema.
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: sAMAccountName
+ type:
+ description: The type of the attribute.
+ example: string
+ type: string
+ enum:
+ - STRING
+ - LONG
+ - INT
+ - BOOLEAN
+ schema:
+ description: A reference to the schema on the source to which the values of the attribute map.
+ example:
+ type: CONNECTOR_SCHEMA
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: group
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description:
+ type: string
+ description: A human-readable description of the attribute.
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ example: false
+ isEntitlement:
+ type: boolean
+ description: Flag indicating whether or not the attribute is an entitlement.
+ example: false
+ isGroup:
+ type: boolean
+ description: Flag indicating whether or not the attribute represents a group.
+ example: false
+ readOnly: true
+ example:
+ - name: sAMAccountName
+ type: string
+ isMultiValued: false
+ isEntitlement: false
+ isGroup: false
+ - name: memberOf
+ type: string
+ description: Group membership
+ isMultiValued: true
+ isEntitlement: true
+ isGroup: true
+ created:
+ type: string
+ description: The date the Schema was created.
+ format: date-time
+ example: '2019-12-24T22:32:58.104Z'
+ modified:
+ type: string
+ description: The date the Schema was last modified.
+ format: date-time
+ example: '2019-12-31T20:22:28.104Z'
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:source-schema:update'
+ '/sources/{sourceId}/upload-connector-file':
+ post:
+ operationId: uploadConnectorFile
+ tags:
+ - Sources
+ summary: Upload connector file to source
+ parameters:
+ - in: path
+ name: sourceId
+ required: true
+ schema:
+ type: string
+ description: The Source id.
+ example: 2c9180835d191a86015d28455b4a2329
+ description: |-
+ This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.
+ A token with ORG_ADMIN authority is required to call this API.
+ requestBody:
+ required: true
+ content:
+ multipart/form-data:
+ schema:
+ type: object
+ properties:
+ file:
+ type: string
+ format: binary
+ responses:
+ '200':
+ description: Uploaded the file successfully and sent all post-upload events
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /transforms:
+ get:
+ tags:
+ - Transforms
+ summary: List transforms
+ description: |-
+ Gets a list of all saved transform objects.
+ A token with transforms-list read authority is required to call this API.
+ operationId: getTransformsList
+ parameters:
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - name: name
+ in: query
+ description: Name of the transform to retrieve from the list.
+ required: false
+ style: form
+ schema:
+ type: string
+ example: ExampleTransformName123
+ - name: filters
+ in: query
+ description: |-
+ Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **internal**: *eq*
+ **name**: *eq*, *sw*
+ required: false
+ style: form
+ explode: true
+ example: name eq "Uppercase"
+ schema:
+ type: string
+ responses:
+ '200':
+ description: A list of transforms matching the given criteria.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ example:
+ - id: 2cd78adghjkja34jh2b1hkjhasuecd
+ name: Timestamp To Date
+ type: dateFormat
+ attributes:
+ inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
+ outputFormat: yyyy/dd/MM
+ internal: false
+ - id: 2lkas8dhj4bkuakja77giih7l4ashh
+ name: PrefixSubstring
+ type: substring
+ attributes:
+ begin: 0
+ end: 3
+ internal: true
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:transforms-list:read'
+ post:
+ tags:
+ - Transforms
+ summary: Create transform
+ description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.'
+ operationId: createTransform
+ requestBody:
+ required: true
+ description: The transform to be created.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ example:
+ name: Timestamp To Date
+ type: dateFormat
+ attributes:
+ inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS'
+ outputFormat: yyyy/dd/MM
+ responses:
+ '201':
+ description: Indicates the transform was successfully created and returns its representation.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:transforms:write'
+ '/transforms/{id}':
+ get:
+ tags:
+ - Transforms
+ summary: Transform by ID
+ description: |-
+ This API returns the transform specified by the given ID.
+ A token with transform read authority is required to call this API.
+ operationId: getTransform
+ parameters:
+ - name: id
+ in: path
+ description: ID of the transform to retrieve
+ required: true
+ style: simple
+ explode: false
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ schema:
+ type: string
+ responses:
+ '200':
+ description: Transform with the given ID
+ content:
+ application/json:
+ schema:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:transforms:read'
+ put:
+ tags:
+ - Transforms
+ summary: Update a transform
+ description: |-
+ Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error.
+ A token with transform write authority is required to call this API.
+ operationId: updateTransform
+ parameters:
+ - name: id
+ in: path
+ description: ID of the transform to update
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ requestBody:
+ description: 'The updated transform object (must include "name", "type", and "attributes" fields).'
+ content:
+ application/json:
+ schema:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ example:
+ name: Timestamp To Date
+ type: dateFormat
+ attributes:
+ inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
+ outputFormat: yyyy/dd/MM
+ responses:
+ '200':
+ description: Indicates the transform was successfully updated and returns its new representation.
+ content:
+ application/json:
+ schema:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ example:
+ id: 2cd78adghjkja34jh2b1hkjhasuecd
+ name: Timestamp To Date
+ type: dateFormat
+ attributes:
+ inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS'
+ outputFormat: yyyy/dd/MM
+ internal: false
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:transforms:write'
+ delete:
+ tags:
+ - Transforms
+ summary: Delete a transform
+ description: |-
+ Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.
+ A token with transform delete authority is required to call this API.
+ operationId: deleteTransform
+ parameters:
+ - name: id
+ in: path
+ description: ID of the transform to delete
+ required: true
+ style: simple
+ explode: false
+ schema:
+ type: string
+ responses:
+ '204':
+ description: No content - indicates the request was successful but there is no content to be returned in the response.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ security:
+ - oauth2:
+ - 'idn:transforms:delete'
+ /work-items:
+ get:
+ operationId: listWorkItems
+ tags:
+ - Work Items
+ summary: List Work Items
+ description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ - in: query
+ name: ownerId
+ schema:
+ type: string
+ description: ID of the work item owner.
+ required: false
+ responses:
+ '200':
+ description: List of work items
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /work-items/completed:
+ get:
+ operationId: completedWorkItems
+ tags:
+ - Work Items
+ summary: Completed Work Items
+ description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: query
+ name: ownerId
+ schema:
+ type: string
+ description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.'
+ required: false
+ - in: query
+ name: limit
+ description: |-
+ Max number of results to return.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 250
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ maximum: 250
+ default: 250
+ - in: query
+ name: offset
+ description: |-
+ Offset into the full result set. Usually specified with *limit* to paginate through the results.
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: 0
+ schema:
+ type: integer
+ format: int32
+ minimum: 0
+ default: 0
+ - in: query
+ name: count
+ description: |-
+ If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.
+
+ Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.
+
+ See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
+ required: false
+ example: true
+ schema:
+ type: boolean
+ default: false
+ responses:
+ '200':
+ description: List of completed work items.
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /work-items/count:
+ get:
+ operationId: countWorkItems
+ tags:
+ - Work Items
+ summary: Count Work Items
+ description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: query
+ name: ownerId
+ schema:
+ type: string
+ description: ID of the work item owner.
+ required: false
+ responses:
+ '200':
+ description: List of work items
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ count:
+ type: integer
+ description: The count of work items
+ example: 29
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /work-items/completed/count:
+ get:
+ operationId: countCompletedWorkItems
+ tags:
+ - Work Items
+ summary: Count Completed Work Items
+ description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: query
+ name: ownerId
+ schema:
+ type: string
+ description: ID of the work item owner.
+ required: false
+ responses:
+ '200':
+ description: List of work items
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ count:
+ type: integer
+ description: The count of work items
+ example: 29
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ /work-items/summary:
+ get:
+ operationId: summaryWorkItems
+ tags:
+ - Work Items
+ summary: Work Items Summary
+ description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: query
+ name: ownerId
+ schema:
+ type: string
+ description: ID of the work item owner.
+ required: false
+ responses:
+ '200':
+ description: List of work items
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ open:
+ type: integer
+ description: The count of open work items
+ example: 29
+ completed:
+ type: integer
+ description: The count of completed work items
+ example: 1
+ total:
+ type: integer
+ description: The count of total work items
+ example: 30
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/{id}':
+ get:
+ operationId: getWorkItems
+ tags:
+ - Work Items
+ summary: Get a Work Item
+ description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: ID of the work item.
+ responses:
+ '200':
+ description: The work item with the given ID.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ post:
+ operationId: completeWorkItem
+ tags:
+ - Work Items
+ summary: Complete a Work Item
+ description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: A WorkItems object
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/{id}/approve/{approvalItemId}':
+ post:
+ operationId: approveApprovalItem
+ tags:
+ - Work Items
+ summary: Approve an Approval Item
+ description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: path
+ name: approvalItemId
+ schema:
+ type: string
+ required: true
+ description: The ID of the approval item.
+ example: 1211bcaa32112bcef6122adb21cef1ac
+ responses:
+ '200':
+ description: A work items details object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/{id}/reject/{approvalItemId}':
+ post:
+ operationId: rejectApprovalItem
+ tags:
+ - Work Items
+ summary: Reject an Approval Item
+ description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ - in: path
+ name: approvalItemId
+ schema:
+ type: string
+ required: true
+ description: The ID of the approval item.
+ example: 1211bcaa32112bcef6122adb21cef1ac
+ responses:
+ '200':
+ description: A work items details object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/bulk-approve/{id}':
+ post:
+ operationId: bulkApproveApprovalItem
+ tags:
+ - Work Items
+ summary: Bulk approve Approval Items
+ description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: A work items details object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/bulk-reject/{id}':
+ post:
+ operationId: bulkRejectApprovalItem
+ tags:
+ - Work Items
+ summary: Bulk reject Approval Items
+ description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ responses:
+ '200':
+ description: A work items details object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+ '/work-items/{id}/submit-account-selection':
+ post:
+ operationId: submitAccountSelection
+ tags:
+ - Work Items
+ summary: Submit Account Selections
+ description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.'
+ parameters:
+ - in: path
+ name: id
+ schema:
+ type: string
+ required: true
+ description: The ID of the work item
+ example: ef38f94347e94562b5bb8424a56397d8
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ additionalProperties: true
+ example:
+ fieldName: fieldValue
+ description: 'Account Selection Data map, keyed on fieldName'
+ responses:
+ '200':
+ description: A work items details object.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ '400':
+ description: Client Error - Returned if the request body is invalid.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ '401':
+ description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ error:
+ description: A message describing the error
+ example: 'JWT validation failed: JWT is expired'
+ '403':
+ description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.'
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '403':
+ summary: An example of a 403 response object
+ value:
+ detailCode: 403 Forbidden
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server understood the request but refuses to authorize it.
+ '404':
+ description: Not Found - returned if the request URL refers to a resource or object that does not exist
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '404':
+ summary: An example of a 404 response object
+ value:
+ detailCode: 404 Not found
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: The server did not find a current representation for the target resource.
+ '429':
+ description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ message:
+ description: A message describing the error
+ example: ' Rate Limit Exceeded '
+ '500':
+ description: Internal Server Error - Returned if there is an unexpected error.
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ detailCode:
+ type: string
+ description: Fine-grained error code providing more detail of the error.
+ example: 400.1 Bad Request Content
+ trackingId:
+ type: string
+ description: Unique tracking id for the error.
+ example: e7eab60924f64aa284175b9fa3309599
+ messages:
+ type: array
+ description: Generic localized reason for error
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ causes:
+ type: array
+ description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
+ items:
+ type: object
+ properties:
+ locale:
+ type: string
+ description: 'The locale for the message text, a BCP 47 language tag.'
+ example: en-US
+ localeOrigin:
+ type: string
+ enum:
+ - DEFAULT
+ - REQUEST
+ description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.'
+ example: DEFAULT
+ text:
+ type: string
+ description: Actual text of the error message in the indicated locale.
+ example: The request was syntactically correct but its content is semantically invalid.
+ examples:
+ '500':
+ summary: An example of a 500 response object
+ value:
+ detailCode: 500.0 Internal Fault
+ trackingId: b21b1f7ce4da4d639f2c62a57171b427
+ messages:
+ - locale: en-US
+ localeOrigin: DEFAULT
+ text: An internal fault occurred.
+security:
+ - oauth2: []
+components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ description: |
+ OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/docs/authentication.html) for more information.
+ - Directions for generating a [personal access token](https://developer.sailpoint.com/docs/authentication.html#personal-access-tokens)
+ - Directions using [client credentials flow](https://developer.sailpoint.com/docs/authentication.html#client-credentials-grant-flow)
+ - Directions for using [authorization code flow](https://developer.sailpoint.com/docs/authentication.html#authorization-code-grant-flow)
+
+ Which authentication method should I choose? See our [guide](https://developer.sailpoint.com/docs/authentication.html#which-oauth-2-0-grant-flow-should-i-use)
+
+ Learn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/docs/authentication.html#finding-your-tenant-s-oauth-details)
+ flows:
+ clientCredentials:
+ tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
+ scopes:
+ 'sp:scopes:default': default scope
+ 'sp:scopes:all': access to all scopes
+ authorizationCode:
+ authorizationUrl: 'https://tenant.identitynow.com/oauth/authorize'
+ tokenUrl: 'https://tenant.api.identitynow.com/oauth/token'
+ scopes:
+ 'sp:scopes:default': default scope
+ 'sp:scopes:all': access to all scopes
+ schemas:
+ AccessRequest:
+ type: object
+ properties:
+ requestedFor:
+ description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.'
+ type: array
+ items:
+ type: string
+ example: 2c918084660f45d6016617daa9210584
+ requestType:
+ type: string
+ enum:
+ - GRANT_ACCESS
+ - REVOKE_ACCESS
+ description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements.
+ example: GRANT_ACCESS
+ requestedItems:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: The type of the item being requested.
+ example: ACCESS_PROFILE
+ id:
+ type: string
+ description: 'ID of Role, Access Profile or Entitlement being requested.'
+ example: 2c9180835d2e5168015d32f890ca1581
+ comment:
+ type: string
+ description: |
+ Comment provided by requester.
+ * Comment is required when the request is of type Revoke Access.
+ example: Requesting access profile for John Doe
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+ removeDate:
+ type: string
+ description: |
+ The date the role or access profile is no longer assigned to the specified identity.
+ * Specify a date in the future.
+ * The current SLA for the deprovisioning is 24 hours.
+ * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.
+ * Currently it is not supported for entitlements.
+ format: date-time
+ example: '2020-07-11T21:23:15.000Z'
+ required:
+ - id
+ - type
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+ required:
+ - requestedFor
+ - requestedItems
+ AccessRequestItem:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ - ENTITLEMENT
+ description: The type of the item being requested.
+ example: ACCESS_PROFILE
+ id:
+ type: string
+ description: 'ID of Role, Access Profile or Entitlement being requested.'
+ example: 2c9180835d2e5168015d32f890ca1581
+ comment:
+ type: string
+ description: |
+ Comment provided by requester.
+ * Comment is required when the request is of type Revoke Access.
+ example: Requesting access profile for John Doe
+ clientMetadata:
+ type: object
+ additionalProperties:
+ type: string
+ example:
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ requestedAppName: test-app
+ example:
+ requestedAppName: test-app
+ requestedAppId: 2c91808f7892918f0178b78da4a305a1
+ description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+ removeDate:
+ type: string
+ description: |
+ The date the role or access profile is no longer assigned to the specified identity.
+ * Specify a date in the future.
+ * The current SLA for the deprovisioning is 24 hours.
+ * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity.
+ * Currently it is not supported for entitlements.
+ format: date-time
+ example: '2020-07-11T21:23:15.000Z'
+ required:
+ - id
+ - type
+ AccessProfileDocument:
+ description: 'This is more of a complete representation of an access profile. '
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ entitlementCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ AccessProfileSummary:
+ description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ AccessReviewReassignment:
+ type: object
+ properties:
+ reassign:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of item or identity being reassigned.
+ example: ef38f94347e94562b5bb8424a56397d8
+ type:
+ type: string
+ enum:
+ - TARGET_SUMMARY
+ - ITEM
+ - IDENTITY_SUMMARY
+ required:
+ - id
+ - type
+ reassignTo:
+ type: string
+ description: The ID of the identity to which the certification is reassigned
+ example: ef38f94347e94562b5bb8424a56397d8
+ reason:
+ type: string
+ description: The reason comment for why the reassign was made
+ example: reassigned for some reason
+ required:
+ - reassign
+ - reassignTo
+ - reason
+ Account:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ properties:
+ sourceId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ identityId:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ attributes:
+ type: object
+ authoritative:
+ type: boolean
+ description:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ nativeIdentity:
+ type: string
+ systemAccount:
+ type: boolean
+ uncorrelated:
+ type: boolean
+ uuid:
+ type: string
+ manuallyCorrelated:
+ type: boolean
+ hasEntitlements:
+ type: boolean
+ AccountActivity:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the account activity itself
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ example: 2c9180835d2e5168015d32f890ca1581
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ completed:
+ type: string
+ format: date-time
+ nullable: true
+ example: '2018-10-19T13:49:37.385Z'
+ completionStatus:
+ nullable: true
+ type: string
+ enum:
+ - SUCCESS
+ - FAILURE
+ - INCOMPLETE
+ - PENDING
+ type:
+ type: string
+ example: appRequest
+ requesterIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ targetIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ errors:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.'
+ warnings:
+ nullable: true
+ type: array
+ items:
+ type: string
+ example:
+ - 'Some warning, another warning'
+ items:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Item id
+ example: 2725138ee34949beb0d6cc982d2d4625
+ name:
+ type: string
+ description: Human-readable display name of item
+ requested:
+ type: string
+ format: date-time
+ description: Date and time item was requested
+ example: '2017-07-11T18:45:37.098Z'
+ approvalStatus:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ provisioningStatus:
+ type: string
+ enum:
+ - PENDING
+ - FINISHED
+ - UNVERIFIABLE
+ - COMMITED
+ - FAILED
+ - RETRY
+ description: Provisioning state of an account activity item
+ requesterComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ reviewerIdentitySummary:
+ type: object
+ nullable: true
+ properties:
+ id:
+ type: string
+ description: ID of this identity summary
+ example: ff80818155fe8c080155fe8d925b0316
+ name:
+ type: string
+ description: Human-readable display name of identity
+ example: SailPoint Services
+ identityId:
+ type: string
+ description: ID of the identity that this summary represents
+ example: c15b9f5cca5a4e9599eaa0e64fa921bd
+ completed:
+ type: boolean
+ description: Indicates if all access items for this summary have been decided on
+ reviewerComment:
+ type: object
+ nullable: true
+ properties:
+ commenterId:
+ type: string
+ description: Id of the identity making the comment
+ example: 2c918084660f45d6016617daa9210584
+ commenterName:
+ type: string
+ description: Human-readable display name of the identity making the comment
+ example: Adam Kennedy
+ body:
+ type: string
+ description: Content of the comment
+ example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.
+ date:
+ type: string
+ format: date-time
+ description: Date and time comment was made
+ example: '2017-07-11T18:45:37.098Z'
+ operation:
+ type: string
+ enum:
+ - ADD
+ - CREATE
+ - MODIFY
+ - DELETE
+ - DISABLE
+ - ENABLE
+ - UNLOCK
+ - LOCK
+ - REMOVE
+ description: Represents an operation in an account activity item
+ attribute:
+ type: string
+ description: Attribute to which account activity applies
+ nullable: true
+ example: detectedRoles
+ value:
+ type: string
+ description: Value of attribute
+ nullable: true
+ example: 'Treasury Analyst [AccessProfile-1529010191212]'
+ nativeIdentity:
+ nullable: true
+ type: string
+ description: Native identity in the target system to which the account activity applies
+ example: Sandie.Camero
+ sourceId:
+ type: string
+ description: Id of Source to which account activity applies
+ example: 2c91808363ef85290164000587130c0c
+ accountRequestInfo:
+ type: object
+ nullable: true
+ properties:
+ requestedObjectId:
+ type: string
+ description: Id of requested object
+ example: 2c91808563ef85690164001c31140c0c
+ requestedObjectName:
+ type: string
+ description: Human-readable name of requested object
+ example: Treasury Analyst
+ requestedObjectType:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ description: 'If an account activity item is associated with an access request, captures details of that request.'
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item'
+ removeDate:
+ nullable: true
+ type: string
+ description: The date the role or access profile is no longer assigned to the specified identity.
+ format: date-time
+ example: '2020-07-11T00:00:00Z'
+ executionStatus:
+ type: string
+ enum:
+ - EXECUTING
+ - VERIFYING
+ - TERMINATED
+ - COMPLETED
+ clientMetadata:
+ nullable: true
+ type: object
+ additionalProperties:
+ type: string
+ description: 'Arbitrary key-value pairs, if any were included in the corresponding access request'
+ AccountActivitySearchedItem:
+ description: AccountActivity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ action:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ origin:
+ type: string
+ status:
+ type: string
+ requester:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ recipient:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ trackingNumber:
+ type: string
+ errors:
+ type: array
+ items:
+ type: string
+ warnings:
+ type: array
+ items:
+ type: string
+ approvals:
+ type: array
+ items:
+ type: object
+ properties:
+ comments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ commenter:
+ type: string
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: string
+ type:
+ type: string
+ originalRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ expansionItems:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ cause:
+ type: string
+ name:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ accountRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ provisioningTarget:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: object
+ properties:
+ errors:
+ type: array
+ items:
+ type: string
+ status:
+ type: string
+ ticketId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ sources:
+ type: array
+ items:
+ type: string
+ AccountAttributes:
+ type: object
+ required:
+ - attributes
+ properties:
+ attributes:
+ description: The schema attribute values for the account
+ type: object
+ example:
+ city: Austin
+ displayName: John Doe
+ userName: jdoe
+ sAMAccountName: jDoe
+ mail: john.doe@sailpoint.com
+ AccountDocument:
+ description: Account
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ identity:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ access:
+ type: array
+ items:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ entitlementCount:
+ type: integer
+ uncorrelated:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ AccountsAsyncResult:
+ description: Accounts async response containing details on started async process
+ required:
+ - id
+ type: object
+ properties:
+ id:
+ description: id of the task
+ type: string
+ example: 2c91808474683da6017468693c260195
+ AccountToggleRequest:
+ description: Request used for account enable/disable
+ type: object
+ properties:
+ externalVerificationId:
+ description: 'If set, an external process validates that the user wants to proceed with this request.'
+ type: string
+ example: 3f9180835d2e5168015d32f890ca1581
+ forceProvisioning:
+ description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.'
+ type: boolean
+ example: false
+ AccountUnlockRequest:
+ description: Request used for account unlock
+ type: object
+ properties:
+ externalVerificationId:
+ description: 'If set, an external process validates that the user wants to proceed with this request.'
+ type: string
+ example: 3f9180835d2e5168015d32f890ca1581
+ unlockIDNAccount:
+ description: 'If set, the IDN account is unlocked after the workflow completes.'
+ type: boolean
+ example: false
+ forceProvisioning:
+ description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.'
+ type: boolean
+ example: false
+ Aggregation:
+ description: Aggregation
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ status:
+ type: string
+ duration:
+ type: integer
+ avgDuration:
+ type: integer
+ changedAccounts:
+ type: integer
+ nextScheduled:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ startTime:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ sourceOwner:
+ type: string
+ ApprovalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ Campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ Certification:
+ type: object
+ properties:
+ id:
+ example: 2c9180835d2e5168015d32f890ca1581
+ type: string
+ name:
+ example: 'Source Owner Access Review for Employees [source]'
+ type: string
+ campaign:
+ type: object
+ required:
+ - id
+ - name
+ - type
+ - campaignType
+ - description
+ properties:
+ id:
+ type: string
+ description: The unique ID of the campaign.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the campaign.
+ example: Campaign Name
+ type:
+ type: string
+ enum:
+ - CAMPAIGN
+ description: The type of object that is being referenced.
+ example: CAMPAIGN
+ campaignType:
+ type: string
+ enum:
+ - MANAGER
+ - SOURCE_OWNER
+ - SEARCH
+ description: The type of the campaign.
+ example: MANAGER
+ description:
+ type: string
+ description: The description of the campaign set by the admin who created it.
+ nullable: true
+ example: A description of the campaign
+ completed:
+ type: boolean
+ description: Have all decisions been made?
+ example: true
+ identitiesCompleted:
+ type: integer
+ description: The number of identities for whom all decisions have been made and are complete.
+ example: 5
+ identitiesTotal:
+ type: integer
+ description: 'The total number of identities in the Certification, both complete and incomplete.'
+ example: 10
+ created:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ decisionsMade:
+ type: integer
+ description: The number of approve/revoke/acknowledge decisions that have been made.
+ example: 20
+ decisionsTotal:
+ type: integer
+ description: The total number of approve/revoke/acknowledge decisions.
+ example: 40
+ due:
+ type: string
+ format: date-time
+ description: The due date of the certification.
+ example: '2018-10-19T13:49:37.385Z'
+ signed:
+ type: string
+ format: date-time
+ nullable: true
+ description: The date the reviewer signed off on the Certification.
+ example: '2018-10-19T13:49:37.385Z'
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ hasErrors:
+ type: boolean
+ example: false
+ errorMessage:
+ nullable: true
+ type: string
+ example: The certification has an error
+ phase:
+ type: string
+ description: |
+ The current phase of the campaign.
+ * `STAGED`: The campaign is waiting to be activated.
+ * `ACTIVE`: The campaign is active.
+ * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete.
+ enum:
+ - STAGED
+ - ACTIVE
+ - SIGNED
+ example: ACTIVE
+ CertificationReference:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ EntitlementDocument:
+ description: Entitlement
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ displayName:
+ type: string
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ identityCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ EntitlementSummary:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ Event:
+ description: Event
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ action:
+ type: string
+ type:
+ type: string
+ actor:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ target:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ stack:
+ type: string
+ trackingNumber:
+ type: string
+ ipAddress:
+ type: string
+ details:
+ type: string
+ attributes:
+ type: object
+ objects:
+ type: array
+ items:
+ type: string
+ operation:
+ type: string
+ status:
+ type: string
+ technicalName:
+ type: string
+ IdentityDocument:
+ description: Identity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ firstName:
+ type: string
+ lastName:
+ type: string
+ displayName:
+ type: string
+ email:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ phone:
+ type: string
+ inactive:
+ type: boolean
+ protected:
+ type: boolean
+ status:
+ type: string
+ employeeNumber:
+ type: string
+ manager:
+ nullable: true
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ isManager:
+ type: boolean
+ identityProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ processingState:
+ type: string
+ nullable: true
+ processingDetails:
+ nullable: true
+ type: object
+ properties:
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ retryCount:
+ type: integer
+ stackTrace:
+ type: string
+ message:
+ type: string
+ accounts:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ accountCount:
+ type: integer
+ apps:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ account:
+ type: object
+ properties:
+ id:
+ type: string
+ accountId:
+ type: string
+ appCount:
+ type: integer
+ access:
+ type: array
+ items:
+ discriminator:
+ propertyName: type
+ mapping:
+ ACCESS_PROFILE: ../access/AccessProfile.yaml
+ ENTITLEMENT: ../access/Entitlement.yaml
+ ROLE: ../access/Role.yaml
+ oneOf:
+ - description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ - description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ - description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ accessCount:
+ type: integer
+ accessProfileCount:
+ type: integer
+ entitlementCount:
+ type: integer
+ roleCount:
+ type: integer
+ owns:
+ type: object
+ properties:
+ sources:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ roles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ apps:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ governanceGroups:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ fallbackApprover:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ IdentityProfile:
+ allOf:
+ - type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ - type: object
+ properties:
+ description:
+ type: string
+ description: The description of the Identity Profile.
+ example: My custom flat file profile
+ owner:
+ description: The owner of the Identity Profile.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ priority:
+ type: integer
+ format: int64
+ description: The priority for an Identity Profile.
+ example: 10
+ authoritativeSource:
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - SOURCE
+ description: Type of the object to which this reference applies
+ example: SOURCE
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c9180835d191a86015d28455b4b232a
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: HR Active Directory
+ identityRefreshRequired:
+ type: boolean
+ description: True if a identity refresh is needed. Typically triggered when a change on the source has been made.
+ example: true
+ identityCount:
+ type: integer
+ description: The number of identities that belong to the Identity Profile.
+ format: int32
+ example: 8
+ identityAttributeConfig:
+ type: object
+ description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process.
+ properties:
+ enabled:
+ description: The backend will only promote values if the profile/mapping is enabled.
+ type: boolean
+ example: true
+ attributeTransforms:
+ type: array
+ items:
+ type: object
+ description: Defines a transformation definition for an identity attribute.
+ properties:
+ identityAttributeName:
+ type: string
+ description: Name of the identity attribute.
+ example: email
+ transformDefinition:
+ description: The seaspray transformation definition.
+ type: object
+ properties:
+ type:
+ type: string
+ description: The type of the transform definition.
+ example: accountAttribute
+ attributes:
+ type: object
+ additionalProperties:
+ type: object
+ description: Arbitrary key-value pairs to store any metadata for the object
+ example:
+ attributeName: e-mail
+ sourceName: MySource
+ sourceId: 2c9180877a826e68017a8c0b03da1a53
+ identityExceptionReportReference:
+ type: object
+ properties:
+ taskResultId:
+ type: string
+ format: uuid
+ description: The id of the task result.
+ example: 2c918086795cd09201795d5f7d7533df
+ reportName:
+ type: string
+ example: My annual report
+ description: The name of the report.
+ hasTimeBasedAttr:
+ description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile.
+ type: boolean
+ example: true
+ IdentityReferenceWithNameAndEmail:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ ProvisioningConfig:
+ type: object
+ description: Specification of a Service Desk integration provisioning configuration.
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ ProvisioningPolicy:
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description:
+ type: string
+ usageType:
+ type: string
+ nullable: false
+ enum:
+ - CREATE
+ - UPDATE
+ - DELETE
+ - ASSIGN
+ - UNASSIGN
+ - CREATE_GROUP
+ - UPDATE_GROUP
+ - DELETE_GROUP
+ - REGISTER
+ - CREATE_IDENTITY
+ - UPDATE_IDENTITY
+ - EDIT_GROUP
+ - ENABLE
+ - DISABLE
+ - UNLOCK
+ - CHANGE_PASSWORD
+ fields:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ description: The name of the attribute.
+ example: userName
+ transform:
+ type: object
+ description: The transform to apply to the field
+ example:
+ type: rule
+ attributes:
+ name: Create Unique LDAP Attribute
+ default: {}
+ attributes:
+ type: object
+ description: Attributes required for the transform
+ example:
+ template: '${firstname}.${lastname}${uniqueCounter}'
+ cloudMaxUniqueChecks: '50'
+ cloudMaxSize: '20'
+ cloudRequired: 'true'
+ isRequired:
+ type: boolean
+ readOnly: true
+ description: Flag indicating whether or not the attribute is required.
+ default: false
+ example: false
+ type:
+ type: string
+ description: The type of the attribute.
+ example: string
+ isMultiValued:
+ type: boolean
+ description: Flag indicating whether or not the attribute is multi-valued.
+ default: false
+ example: false
+ QueuedCheckConfigDetails:
+ description: Configuration of maximum number days and interval for checking Service Desk integration queue status
+ required:
+ - provisioningStatusCheckIntervalMinutes
+ - provisioningMaxStatusCheckDays
+ type: object
+ properties:
+ provisioningStatusCheckIntervalMinutes:
+ description: interval in minutes between status checks
+ type: string
+ example: 30
+ provisioningMaxStatusCheckDays:
+ description: maximum number of days to check
+ type: string
+ example: 2
+ Reassignment:
+ type: object
+ nullable: true
+ properties:
+ from:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the certification.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the certification.
+ example: Certification Name
+ type:
+ type: string
+ enum:
+ - CERTIFICATION
+ reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ comment:
+ type: string
+ description: The comment entered when the Certification was reassigned
+ example: Reassigned for a reason
+ ReassignmentReference:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of item or identity being reassigned.
+ example: ef38f94347e94562b5bb8424a56397d8
+ type:
+ type: string
+ enum:
+ - TARGET_SUMMARY
+ - ITEM
+ - IDENTITY_SUMMARY
+ required:
+ - id
+ - type
+ RemediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ RequestableObject:
+ type: object
+ properties:
+ id:
+ type: string
+ description: Id of the requestable object itself
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Human-readable display name of the requestable object
+ example: Applied Research Access
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ nullable: true
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: Description of the requestable object.
+ example: 'Access to research information, lab results, and schematics.'
+ type:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ requestStatus:
+ type: string
+ enum:
+ - AVAILABLE
+ - PENDING
+ - ASSIGNED
+ description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
+ identityRequestId:
+ type: string
+ description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.'
+ nullable: true
+ example: null
+ ownerRef:
+ type: object
+ nullable: true
+ properties:
+ type:
+ type: string
+ description: The type can only be IDENTITY. This is read-only
+ example: IDENTITY
+ id:
+ type: string
+ description: Identity id.
+ example: 5168015d32f890ca15812c9180835d2e
+ name:
+ type: string
+ description: Human-readable display name of identity. This is read-only
+ example: Alison Ferguso
+ email:
+ type: string
+ description: Email address of identity. This is read-only
+ example: alison.ferguso@identitysoon.com
+ requestCommentsRequired:
+ type: boolean
+ description: Whether the requester must provide comments when requesting the object.
+ RequestableObjectType:
+ type: string
+ enum:
+ - ACCESS_PROFILE
+ - ROLE
+ description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice.
+ example: ACCESS_PROFILE
+ RequestableObjectRequestStatus:
+ type: string
+ enum:
+ - AVAILABLE
+ - PENDING
+ - ASSIGNED
+ description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.'
+ Reviewer:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The id of the reviewer.
+ example: ef38f94347e94562b5bb8424a56397d8
+ name:
+ type: string
+ description: The name of the reviewer.
+ example: Reviewer Name
+ email:
+ type: string
+ description: The email of the reviewing identity.
+ example: reviewer@test.com
+ type:
+ type: string
+ enum:
+ - IDENTITY
+ created:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ modified:
+ nullable: true
+ example: '2018-06-25T20:22:28.104Z'
+ format: date-time
+ type: string
+ RoleDocument:
+ description: Role
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfileCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ RoleSummary:
+ description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ SearchDocument:
+ discriminator:
+ propertyName: _type
+ mapping:
+ accessprofile: ../model/access/profile/AccessProfile.yaml
+ accountactivity: ../model/account/activity/AccountActivity.yaml
+ account: ../model/account/Account.yaml
+ aggregation: ../model/aggregation/Aggregation.yaml
+ entitlement: ../model/entitlement/Entitlement.yaml
+ event: ../model/event/Event.yaml
+ identity: ../model/identity/Identity.yaml
+ role: ../model/role/Role.yaml
+ oneOf:
+ - description: 'This is more of a complete representation of an access profile. '
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ entitlementCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: AccountActivity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ action:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ origin:
+ type: string
+ status:
+ type: string
+ requester:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ recipient:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ trackingNumber:
+ type: string
+ errors:
+ type: array
+ items:
+ type: string
+ warnings:
+ type: array
+ items:
+ type: string
+ approvals:
+ type: array
+ items:
+ type: object
+ properties:
+ comments:
+ type: array
+ items:
+ type: object
+ properties:
+ comment:
+ type: string
+ commenter:
+ type: string
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: string
+ type:
+ type: string
+ originalRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ expansionItems:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ cause:
+ type: string
+ name:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ accountRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ accountId:
+ type: string
+ attributeRequests:
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ type: string
+ op:
+ type: string
+ value:
+ type: string
+ op:
+ type: string
+ provisioningTarget:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ result:
+ type: object
+ properties:
+ errors:
+ type: array
+ items:
+ type: string
+ status:
+ type: string
+ ticketId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ sources:
+ type: array
+ items:
+ type: string
+ - description: Account
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ identity:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ access:
+ type: array
+ items:
+ description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ entitlementCount:
+ type: integer
+ uncorrelated:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Aggregation
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ status:
+ type: string
+ duration:
+ type: integer
+ avgDuration:
+ type: integer
+ changedAccounts:
+ type: integer
+ nextScheduled:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ startTime:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ sourceOwner:
+ type: string
+ - description: Entitlement
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ attribute:
+ type: string
+ value:
+ type: string
+ - type: object
+ properties:
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ displayName:
+ type: string
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ identityCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Event
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - type: object
+ properties:
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ action:
+ type: string
+ type:
+ type: string
+ actor:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ target:
+ type: object
+ properties:
+ name:
+ type: string
+ example: John Doe
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ stack:
+ type: string
+ trackingNumber:
+ type: string
+ ipAddress:
+ type: string
+ details:
+ type: string
+ attributes:
+ type: object
+ objects:
+ type: array
+ items:
+ type: string
+ operation:
+ type: string
+ status:
+ type: string
+ technicalName:
+ type: string
+ - description: Identity
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ firstName:
+ type: string
+ lastName:
+ type: string
+ displayName:
+ type: string
+ email:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ phone:
+ type: string
+ inactive:
+ type: boolean
+ protected:
+ type: boolean
+ status:
+ type: string
+ employeeNumber:
+ type: string
+ manager:
+ nullable: true
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ isManager:
+ type: boolean
+ identityProfile:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ attributes:
+ type: object
+ description: a map or dictionary of key/value pairs
+ processingState:
+ type: string
+ nullable: true
+ processingDetails:
+ nullable: true
+ type: object
+ properties:
+ date:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ stage:
+ type: string
+ retryCount:
+ type: integer
+ stackTrace:
+ type: string
+ message:
+ type: string
+ accounts:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ accountId:
+ type: string
+ source:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ disabled:
+ type: boolean
+ locked:
+ type: boolean
+ privileged:
+ type: boolean
+ manuallyCorrelated:
+ type: boolean
+ passwordLastSet:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ entitlementAttributes:
+ type: object
+ nullable: true
+ description: a map or dictionary of key/value pairs
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ accountCount:
+ type: integer
+ apps:
+ type: array
+ items:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ account:
+ type: object
+ properties:
+ id:
+ type: string
+ accountId:
+ type: string
+ appCount:
+ type: integer
+ access:
+ type: array
+ items:
+ discriminator:
+ propertyName: type
+ mapping:
+ ACCESS_PROFILE: ../access/AccessProfile.yaml
+ ENTITLEMENT: ../access/Entitlement.yaml
+ ROLE: ../access/Role.yaml
+ oneOf:
+ - description: 'This is a summary representation of an access profile. '
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ revocable:
+ type: boolean
+ - description: EntitlementReference
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ source:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ privileged:
+ type: boolean
+ attribute:
+ type: string
+ value:
+ type: string
+ standalone:
+ type: boolean
+ - description: Role
+ allOf:
+ - allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ description:
+ type: string
+ nullable: true
+ - type: object
+ properties:
+ owner:
+ allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ displayName:
+ type: string
+ example: John Q. Doe
+ disabled:
+ type: boolean
+ revocable:
+ type: boolean
+ accessCount:
+ type: integer
+ accessProfileCount:
+ type: integer
+ entitlementCount:
+ type: integer
+ roleCount:
+ type: integer
+ owns:
+ type: object
+ properties:
+ sources:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ entitlements:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ roles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ apps:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ governanceGroups:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ fallbackApprover:
+ type: boolean
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ - description: Role
+ allOf:
+ - type: object
+ required:
+ - id
+ - name
+ - _type
+ properties:
+ id:
+ type: string
+ name:
+ type: string
+ _type:
+ description: |-
+ Enum representing the currently supported document types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofile
+ - accountactivity
+ - account
+ - aggregation
+ - entitlement
+ - event
+ - identity
+ - role
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ description:
+ type: string
+ created:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ modified:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ synced:
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description: A date-time in ISO-8601 format
+ enabled:
+ type: boolean
+ requestable:
+ type: boolean
+ requestCommentsRequired:
+ type: boolean
+ owner:
+ allOf:
+ - allOf:
+ - type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ - type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ - type: object
+ properties:
+ email:
+ type: string
+ - type: object
+ properties:
+ accessProfiles:
+ type: array
+ items:
+ type: object
+ properties:
+ id:
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ example: John Doe
+ accessProfileCount:
+ type: integer
+ tags:
+ type: array
+ items:
+ type: string
+ example:
+ - TAG_1
+ - TAG_2
+ SavedSearch:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ id:
+ description: |
+ The saved search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the saved search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the saved search.
+ type: string
+ example: Disabled accounts
+ description:
+ description: |
+ The description of the saved search.
+ type: string
+ example: Disabled accounts
+ - type: object
+ properties:
+ public:
+ description: |
+ Indicates if the saved search is public.
+ type: boolean
+ default: false
+ created:
+ description: |
+ The date the saved search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the saved search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ indices:
+ description: |
+ The names of the Elasticsearch indices in which to search.
+ type: array
+ items:
+ description: |-
+ Enum representing the currently supported indices.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - accessprofiles
+ - accountactivities
+ - entitlements
+ - events
+ - identities
+ - roles
+ example: identities
+ example:
+ - identities
+ columns:
+ description: |
+ The columns to be returned (specifies the order in which they will be presented) for each document type.
+
+ The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_.
+ type: object
+ additionalProperties:
+ type: array
+ items:
+ type: object
+ properties:
+ field:
+ description: |
+ The name of the field.
+ type: string
+ header:
+ description: |
+ The value of the header.
+ type: string
+ required:
+ - field
+ example:
+ identity:
+ - field: displayName
+ header: Display Name
+ - field: email
+ header: Work Email
+ - field: attributes.cloudLifecycleState
+ header: Lifecycle State
+ query:
+ description: |
+ The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL.
+ type: string
+ example: '@accounts(disabled:true)'
+ fields:
+ description: |
+ The fields to be searched against in a multi-field query.
+ type: array
+ items:
+ type: string
+ example:
+ - disabled
+ sort:
+ description: |
+ The fields to be used to sort the search results.
+ type: array
+ items:
+ type: string
+ example:
+ - displayName
+ filters:
+ nullable: true
+ allOf:
+ - type: object
+ description: The filters to be applied for each filtered field name.
+ example:
+ attributes.cloudAuthoritativeSource:
+ type: EXISTS
+ exclude: true
+ accessCount:
+ type: RANGE
+ range:
+ lower:
+ value: '3'
+ created:
+ type: RANGE
+ range:
+ lower:
+ value: '2019-12-01'
+ inclusive: true
+ upper:
+ value: '2020-01-01'
+ source.name:
+ type: TERMS
+ terms:
+ - HR Employees
+ - Corporate Active Directory
+ exclude: true
+ protected:
+ type: TERMS
+ terms:
+ - 'true'
+ - type: object
+ properties:
+ type:
+ description: |-
+ Enum representing the currently supported filter types.
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - EXISTS
+ - RANGE
+ - TERMS
+ example: RANGE
+ range:
+ type: object
+ description: The range of values to be filtered.
+ properties:
+ lower:
+ description: The lower bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ upper:
+ description: The upper bound of the range.
+ type: object
+ required:
+ - value
+ properties:
+ value:
+ description: The value of the range's endpoint.
+ type: string
+ inclusive:
+ description: Indicates if the endpoint is included in the range.
+ type: boolean
+ default: false
+ terms:
+ description: The terms to be filtered.
+ type: array
+ items:
+ type: string
+ exclude:
+ description: Indicates if the filter excludes results.
+ type: boolean
+ default: false
+ required:
+ - indices
+ - query
+ Schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ ScheduledSearch:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ description: |
+ The name of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ description:
+ description: |
+ The description of the scheduled search.
+ type: string
+ example: Daily disabled accounts
+ - type: object
+ properties:
+ savedSearchId:
+ description: |
+ The ID of the saved search that will be executed.
+ type: string
+ example: 554f1511-f0a1-4744-ab14-599514d3e57c
+ created:
+ description: |
+ The date the scheduled search was initially created.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ modified:
+ description: |
+ The last date the scheduled search was modified.
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ schedule:
+ type: object
+ description: |
+ The schedule information.
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported schedule types.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - DAILY
+ - WEEKLY
+ - MONTHLY
+ - CALENDAR
+ example: WEEKLY
+ months:
+ description: The months selected.
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ days:
+ description: |
+ The days selected.
+ example:
+ type: LIST
+ values:
+ - MON
+ - WED
+ - FRI
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ hours:
+ description: |
+ The hours selected.
+ example:
+ type: RANGE
+ values:
+ - '9'
+ - '18'
+ interval: 3
+ type: object
+ nullable: true
+ properties:
+ type:
+ description: |
+ Enum representing the currently supported selector types.
+
+ LIST - the *values* array contains one or more distinct values.
+
+ RANGE - the *values* array contains two values: the start and end of the range, inclusive.
+
+ Additional values may be added in the future without notice.
+ type: string
+ enum:
+ - LIST
+ - RANGE
+ example: LIST
+ values:
+ description: |
+ The selected values.
+ type: array
+ items:
+ type: string
+ example:
+ - MON
+ - WED
+ interval:
+ nullable: true
+ description: |
+ The selected interval for RANGE selectors.
+ type: integer
+ format: int32
+ example: 3
+ required:
+ - type
+ - values
+ expiration:
+ description: |
+ The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000'
+ type: string
+ nullable: true
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ timeZoneId:
+ description: |
+ The ID of the time zone for the schedule.
+ type: string
+ example: 'GMT-06:00'
+ required:
+ - type
+ - hours
+ recipients:
+ description: |
+ The email recipients.
+ type: array
+ items:
+ type: object
+ description: |
+ A typed reference to the object.
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ enabled:
+ description: |
+ Indicates if the scheduled search is enabled.
+ type: boolean
+ default: false
+ emailEmptyResults:
+ description: |
+ Indicates if email generation should not be suppressed if search returns no results.
+ type: boolean
+ default: false
+ displayQueryDetails:
+ description: |
+ Indicates if the generated email should include the query and search results preview (which could include PII).
+ type: boolean
+ default: false
+ required:
+ - savedSearchId
+ - schedule
+ - recipients
+ - type: object
+ properties:
+ id:
+ description: |
+ The scheduled search ID.
+ type: string
+ example: 0de46054-fe90-434a-b84e-c6b3359d0c64
+ owner:
+ description: |
+ The owner of the scheduled search.
+ type: object
+ properties:
+ type:
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
+ example: IDENTITY
+ id:
+ description: |
+ The id of the object.
+ type: string
+ example: 2c91808568c529c60168cca6f90c1313
+ required:
+ - type
+ - id
+ ownerId:
+ description: The ID of the scheduled search owner
+ type: string
+ example: 2c9180867624cbd7017642d8c8c81f67
+ ServiceDeskIntegrationDto:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: Specification of a Service Desk integration
+ required:
+ - description
+ - type
+ - attributes
+ properties:
+ description:
+ description: Description of the Service Desk integration
+ type: string
+ example: A very nice Service Desk integration
+ type:
+ description: Type of the Service Desk integration
+ type: string
+ default: ServiceNowSDIM
+ ownerRef:
+ description: Reference to the identity that is the owner of this Service Desk integration
+ default:
+ type: IDENTITY
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ clusterRef:
+ description: Reference to the source cluster for this Service Desk integration
+ default:
+ type: CLUSTER
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)'
+ type: string
+ example: xyzzy999
+ deprecated: true
+ managedSources:
+ description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)'
+ type: array
+ items:
+ type: string
+ deprecated: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ attributes:
+ description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation.
+ type: object
+ additionalProperties: true
+ beforeProvisioningRule:
+ description: Reference to beforeProvisioningRule for this Service Desk integration
+ default:
+ type: RULE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ ServiceDeskIntegrationTemplateDto:
+ allOf:
+ - type: object
+ required:
+ - name
+ properties:
+ id:
+ description: System-generated unique ID of the Object
+ type: string
+ example: id12345
+ readOnly: true
+ name:
+ description: Name of the Object
+ type: string
+ example: aName
+ created:
+ description: Creation date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ modified:
+ description: Last modification date of the Object
+ type: string
+ example: 2015-05-28T14:07:17.000Z
+ format: date-time
+ readOnly: true
+ - type: object
+ description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.'
+ required:
+ - type
+ - attributes
+ - provisioningConfig
+ properties:
+ type:
+ description: The 'type' property specifies the type of the Service Desk integration template.
+ type: string
+ example: Web Service SDIM
+ default: Web Service SDIM
+ attributes:
+ description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template.
+ type: object
+ additionalProperties: true
+ provisioningConfig:
+ description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template.
+ type: object
+ properties:
+ universalManager:
+ description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.'
+ type: boolean
+ readOnly: true
+ managedResourceRefs:
+ description: References to sources for the Service Desk integration template. May only be specified if universalManager is false.
+ type: array
+ items:
+ default:
+ type: SOURCE
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ planInitializerScript:
+ description: This is a reference to a plan initializer script.
+ type: object
+ properties:
+ source:
+ description: This is a Rule that allows provisioning instruction changes.
+ type: string
+ ServiceDeskIntegrationTemplateType:
+ description: This represents a Service Desk Integration template type.
+ required:
+ - type
+ - scriptName
+ type: object
+ properties:
+ name:
+ description: This is the name of the type.
+ example: aName
+ type: string
+ type:
+ description: This is the type value for the type.
+ example: aType
+ type: string
+ scriptName:
+ description: This is the scriptName attribute value for the type.
+ example: aScriptName
+ type: string
+ Source:
+ type: object
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ description:
+ type: string
+ description: Human-readable description of the source
+ example: This is the corporate directory.
+ owner:
+ description: Reference to an owning Identity Object
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ cluster:
+ description: Reference to the associated Cluster
+ example:
+ type: CLUSTER
+ id: 2c9180866166b5b0016167c32ef31a66
+ name: Corporate Cluster
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationConfig:
+ description: Reference to a Correlation Config object
+ example:
+ type: ACCOUNT_CORRELATION_CONFIG
+ id: 2c9180855d191c59015d28583727245a
+ name: 'Directory [source-62867] Account Correlation'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ accountCorrelationRule:
+ description: 'Reference to a Rule that can do COMPLEX the correlation, should only be used when accountCorrelationConfig can''t be used.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ managerCorrelationMapping:
+ description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity
+ type: object
+ properties:
+ accountAttribute:
+ type: string
+ description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity.
+ example: manager
+ identityAttribute:
+ type: string
+ description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute.
+ example: manager
+ managerCorrelationRule:
+ description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.'
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ beforeProvisioningRule:
+ description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called.
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ schemas:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to Schema objects
+ example:
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232a
+ name: account
+ - type: CONNECTOR_SCHEMA
+ id: 2c9180835d191a86015d28455b4b232b
+ name: group
+ passwordPolicies:
+ type: array
+ items:
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ description: List of references to the associated PasswordPolicy objects.
+ example:
+ - type: PASSWORD_POLICY
+ id: 2c9180855d191c59015d291ceb053980
+ name: Corporate Password Policy
+ features:
+ type: array
+ description: Optional features that can be supported by a source.
+ items:
+ type: string
+ enum:
+ - AUTHENTICATE
+ - COMPOSITE
+ - DIRECT_PERMISSIONS
+ - DISCOVER_SCHEMA
+ - ENABLE
+ - MANAGER_LOOKUP
+ - NO_RANDOM_ACCESS
+ - PROXY
+ - SEARCH
+ - TEMPLATE
+ - UNLOCK
+ - UNSTRUCTURED_TARGETS
+ - SHAREPOINT_TARGET
+ - PROVISIONING
+ - GROUP_PROVISIONING
+ - SYNC_PROVISIONING
+ - PASSWORD
+ - CURRENT_PASSWORD
+ - ACCOUNT_ONLY_REQUEST
+ - ADDITIONAL_ACCOUNT_REQUEST
+ - NO_AGGREGATION
+ - GROUPS_HAVE_MEMBERS
+ - NO_PERMISSIONS_PROVISIONING
+ - NO_GROUP_PERMISSIONS_PROVISIONING
+ - NO_UNSTRUCTURED_TARGETS_PROVISIONING
+ - NO_DIRECT_PERMISSIONS_PROVISIONING
+ description: |-
+ Optional features that can be supported by an source.
+ * AUTHENTICATE: The source supports pass-through authentication.
+ * COMPOSITE: The source supports composite source creation.
+ * DIRECT_PERMISSIONS: The source supports returning DirectPermissions.
+ * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups.
+ * ENABLE The source supports reading if an account is enabled or disabled.
+ * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS.
+ * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform.
+ * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source.
+ * SEARCH
+ * TEMPLATE
+ * UNLOCK: The source supports reading if an account is locked or unlocked.
+ * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets.
+ * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources.
+ * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation.
+ * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented.
+ * SYNC_PROVISIONING: The source can provision accounts synchronously.
+ * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature.
+ * CURRENT_PASSWORD: Some source types support verification of the current password
+ * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements.
+ * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts.
+ * NO_AGGREGATION: A source that does not support aggregation.
+ * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation.
+ * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts.
+ * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups.
+ * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING.
+ example:
+ - SYNC_PROVISIONING
+ - MANAGER_LOOKUP
+ - SEARCH
+ - PROVISIONING
+ - AUTHENTICATE
+ - GROUP_PROVISIONING
+ - PASSWORD
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ connector:
+ type: string
+ description: Connector script name.
+ example: active-directory
+ connectorClass:
+ type: string
+ description: The fully qualified name of the Java class that implements the connector interface.
+ example: sailpoint.connector.LDAPConnector
+ connectorAttributes:
+ type: object
+ description: Connector specific configuration; will differ from type to type.
+ example:
+ healthCheckTimeout: 30
+ authSearchAttributes:
+ - cn
+ - uid
+ - mail
+ deleteThreshold:
+ type: integer
+ format: int32
+ description: Number from 0 to 100 that specifies when to skip the delete phase.
+ example: 10
+ authoritative:
+ type: boolean
+ description: When true indicates the source is referenced by an IdentityProfile.
+ example: false
+ managementWorkgroup:
+ description: Reference to Management Workgroup for this Source
+ type: object
+ properties:
+ type:
+ description: DTO type
+ type: string
+ enum:
+ - ACCOUNT_CORRELATION_CONFIG
+ - ACCESS_PROFILE
+ - ACCESS_REQUEST_APPROVAL
+ - ACCOUNT
+ - APPLICATION
+ - CAMPAIGN
+ - CAMPAIGN_FILTER
+ - CERTIFICATION
+ - CLUSTER
+ - CONNECTOR_SCHEMA
+ - ENTITLEMENT
+ - GOVERNANCE_GROUP
+ - IDENTITY
+ - IDENTITY_PROFILE
+ - IDENTITY_REQUEST
+ - LIFECYCLE_STATE
+ - PASSWORD_POLICY
+ - ROLE
+ - RULE
+ - SOD_POLICY
+ - SOURCE
+ - TAG_CATEGORY
+ - TASK_RESULT
+ - REPORT_RESULT
+ - SOD_VIOLATION
+ - ACCOUNT_ACTIVITY
+ example: IDENTITY
+ id:
+ type: string
+ description: ID of the object to which this reference applies
+ example: 2c91808568c529c60168cca6f90c1313
+ name:
+ type: string
+ description: Human-readable display name of the object to which this reference applies
+ example: William Wilson
+ healthy:
+ type: boolean
+ description: When true indicates a healthy source
+ example: true
+ status:
+ type: string
+ description: 'A status identifier, giving specific information on why a source is healthy or not'
+ example: SOURCE_STATE_HEALTHY
+ since:
+ type: string
+ description: Timestamp showing when a source health check was last performed
+ example: '2021-09-28T15:48:29.3801666300Z'
+ connectorId:
+ type: string
+ description: The id of connector
+ example: active-directory
+ connectorName:
+ type: string
+ description: The name of the connector that was chosen on source creation
+ example: Active Directory
+ connectionType:
+ type: string
+ description: The type of connection (direct or file)
+ example: file
+ connectorImplementstionId:
+ type: string
+ description: The connector implementstion id
+ example: delimited-file
+ SourceHealthDto:
+ type: object
+ description: Dto for source health data
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: the id of the Source
+ example: 2c91808568c529c60168cca6f90c1324
+ type:
+ type: string
+ description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..'
+ example: OpenLDAP - Direct
+ name:
+ type: string
+ description: the name of the source
+ example: Source1234
+ org:
+ type: string
+ description: source's org
+ example: denali-cjh
+ isAuthoritative:
+ type: boolean
+ isCluster:
+ type: boolean
+ hostname:
+ type: string
+ example: megapod-useast1-secret-hostname.sailpoint.com
+ pod:
+ type: string
+ description: source's pod
+ example: megapod-useast1
+ iqServiceVersion:
+ type: string
+ example: iqVersion123
+ status:
+ type: string
+ enum:
+ - SOURCE_STATE_ERROR_CLUSTER
+ - SOURCE_STATE_ERROR_SOURCE
+ - SOURCE_STATE_ERROR_VA
+ - SOURCE_STATE_FAILURE_CLUSTER
+ - SOURCE_STATE_FAILURE_SOURCE
+ - SOURCE_STATE_HEALTHY
+ - SOURCE_STATE_UNCHECKED_CLUSTER
+ - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES
+ - SOURCE_STATE_UNCHECKED_SOURCE
+ - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS
+ description: connection test result
+ example: SOURCE_STATE_UNCHECKED_SOURCE
+ Transform:
+ type: object
+ description: The representation of an internally- or customer-defined transform.
+ required:
+ - name
+ - type
+ - attributes
+ properties:
+ id:
+ type: string
+ readOnly: true
+ description: Unique ID of this transform
+ example: 2cd78adghjkja34jh2b1hkjhasuecd
+ name:
+ type: string
+ description: Unique name of this transform
+ example: Timestamp To Date
+ type:
+ type: string
+ description: The type of transform operation
+ enum:
+ - accountAttribute
+ - base64Decode
+ - base64Encode
+ - concat
+ - conditional
+ - dateCompare
+ - dateFormat
+ - dateMath
+ - decomposeDiacriticalMarks
+ - e164phone
+ - firstValid
+ - rule
+ - identityAttribute
+ - indexOf
+ - iso3166
+ - lastIndexOf
+ - leftPad
+ - lookup
+ - lower
+ - normalizeNames
+ - randomAlphaNumeric
+ - randomNumeric
+ - reference
+ - replaceAll
+ - replace
+ - rightPad
+ - split
+ - static
+ - substring
+ - trim
+ - upper
+ - usernameGenerator
+ - uuid
+ example: dateFormat
+ externalDocs:
+ description: Transform Operations
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations'
+ attributes:
+ description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Decode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: base64Encode
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: concat
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of items to join together
+ example:
+ - John
+ - ' '
+ - Smith
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: conditional
+ type: object
+ required:
+ - expression
+ - positiveCondition
+ - negativeCondition
+ properties:
+ expression:
+ type: string
+ description: |-
+ A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms.
+
+ The `eq` operator is the only valid comparison
+ example: ValueA eq ValueB
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: 'false'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateCompare
+ type: object
+ required:
+ - firstDate
+ - secondDate
+ - operator
+ - positiveCondition
+ - negativeCondition
+ properties:
+ firstDate:
+ description: This is the first date to consider (The date that would be on the left hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ secondDate:
+ description: This is the second date to consider (The date that would be on the right hand side of the comparison operation).
+ oneOf:
+ - title: accountAttribute
+ type: object
+ required:
+ - sourceName
+ - attributeName
+ properties:
+ sourceName:
+ type: string
+ description: A reference to the source to search for the account
+ example: Workday
+ attributeName:
+ type: string
+ description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.'
+ example: DEPARTMENT
+ accountSortAttribute:
+ type: string
+ description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ example: created
+ accountSortDescending:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)'
+ example: false
+ accountReturnFirstLink:
+ type: string
+ description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false'
+ example: false
+ accountFilter:
+ type: string
+ description: |-
+ This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
+
+ Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
+ accountPropertyFilter:
+ type: string
+ description: |-
+ This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
+
+ All account attributes are available for filtering as this operation is performed in memory.
+ example: '(groups.containsAll({''Admin''}) || location == ''Austin'')'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ operator:
+ type: string
+ description: |
+ This is the comparison to perform.
+ | Operation | Description |
+ | --------- | ------- |
+ | LT | Strictly less than: firstDate < secondDate |
+ | LTE | Less than or equal to: firstDate <= secondDate |
+ | GT | Strictly greater than: firstDate > secondDate |
+ | GTE | Greater than or equal to: firstDate >= secondDate |
+ enum:
+ - LT
+ - LTE
+ - GT
+ - GTE
+ example: LT
+ positiveCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to true
+ example: 'true'
+ negativeCondition:
+ type: string
+ description: The output of the transform if the expression evalutes to false
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateFormat
+ type: object
+ properties:
+ inputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ outputFormat:
+ description: |-
+ A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
+
+ *If no inputFormat is provided, the transform assumes that it is in ISO8601 format*
+ oneOf:
+ - title: Named Construct
+ type: string
+ description: |
+ | Construct | Date Time Pattern | Description |
+ | --------- | ----------------- | ----------- |
+ | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. |
+ | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. |
+ | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. |
+ | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
+ | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
+ enum:
+ - ISO8601
+ - LDAP
+ - PEOPLE_SOFT
+ - EPOCH_TIME_JAVA
+ - EPOCH_TIME_WIN32
+ example: PEOPLE_SOFT
+ - title: Java Simple Date Format
+ type: string
+ description: |
+ There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
+
+ >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone.
+ (This table is from the SimpleDateFormat page.)
+
+ | Date Time Pattern | Result |
+ | ----------------- | ------ |
+ | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` |
+ | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 |
+ | `h:mm a` | 12:08 PM |
+ | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time |
+ | `K:mm a, z` | 0:08 PM, PDT |
+ | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM |
+ | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 |
+ | `yyMMddHHmmssZ` | 010704120856-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 |
+ | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 |
+ | `YYYY-'W'ww-u` | 2001-W27-3 |
+ example: mm/dd/yyyy
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: dateMath
+ type: object
+ required:
+ - expression
+ properties:
+ expression:
+ type: string
+ description: |
+ A string value of the date and time components to operation on, along with the math operations to execute.
+ externalDocs:
+ description: Date Math Expressions
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure'
+ example: now+1w
+ roundUp:
+ type: boolean
+ description: |
+ A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression.
+
+
+ If not provided, the transform will default to `false`
+
+
+ `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
+
+
+ `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: decomposeDiacriticalMarks
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: e164phone
+ type: object
+ properties:
+ defaultRegion:
+ type: string
+ description: |
+ This is an optional attribute that can be used to define the region of the phone number to format into.
+
+
+ If defaultRegion is not provided, it will take US as the default country.
+
+
+ The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
+ example: US
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: firstValid
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: array
+ items:
+ type: object
+ description: An array of attributes to evaluate for existence.
+ example:
+ - attributes:
+ sourceName: Active Directory
+ attributeName: sAMAccountName
+ type: accountAttribute
+ - attributes:
+ sourceName: Okta
+ attributeName: login
+ type: accountAttribute
+ - attributes:
+ sourceName: HR Source
+ attributeName: employeeID
+ type: accountAttribute
+ ignoreErrors:
+ type: boolean
+ description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
+ example: false
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: rule
+ oneOf:
+ - type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: This is the name of the Generic rule that needs to be invoked by the transform
+ example: Generic Calculation Rule
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - includeNumbers
+ - includeSpecialChars
+ - length
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `generateRandomString`
+ example: generateRandomString
+ includeNumbers:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include numbers
+ example: true
+ includeSpecialChars:
+ type: boolean
+ description: This must be either "true" or "false" to indicate whether the generator logic should include special characters
+ example: true
+ length:
+ type: string
+ description: |
+ This specifies how long the randomly generated string needs to be
+
+
+ >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - type: object
+ required:
+ - name
+ - operation
+ - uid
+ properties:
+ name:
+ type: string
+ description: This must always be set to "Cloud Services Deployment Utility"
+ example: Cloud Services Deployment Utility
+ operation:
+ type: string
+ description: The operation to perform `getReferenceIdentityAttribute`
+ example: getReferenceIdentityAttribute
+ uid:
+ type: string
+ description: |
+ This is the SailPoint User Name (uid) value of the identity whose attribute is desired
+
+ As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute.
+ example: 2c91808570313110017040b06f344ec9
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ - title: identityAttribute
+ type: object
+ required:
+ - name
+ properties:
+ name:
+ type: string
+ description: The system (camel-cased) name of the identity attribute to bring in
+ example: email
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: indexOf
+ type: object
+ required:
+ - substring
+ properties:
+ substring:
+ type: string
+ description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.'
+ example: admin_
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: iso3166
+ type: object
+ properties:
+ format:
+ type: string
+ description: |
+ An optional value to denote which ISO 3166 format to return. Valid values are:
+
+
+ `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied
+
+
+ `alpha3` - Three-character country code (e.g., "USA")
+
+
+ `numeric` - The numeric country code (e.g., "840")
+ example: alpha2
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: leftPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lookup
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: |
+ This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
+
+
+ >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
+ example:
+ USA: Americas
+ FRA: EMEA
+ AUS: APAC
+ default: Unknown Region
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: lower
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: nameNormalizer
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomAlphaNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: randomNumeric
+ type: object
+ properties:
+ length:
+ type: string
+ description: |
+ This is an integer value specifying the size/number of characters the random string must contain
+
+
+ * This value must be a positive number and cannot be blank
+
+
+ * If no length is provided, the transform will default to a value of `32`
+
+
+ * Due to identity attribute data constraints, the maximum allowable value is `450` characters
+ example: '10'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: reference
+ type: object
+ required:
+ - id
+ properties:
+ id:
+ type: string
+ description: This ID specifies the name of the pre-existing transform which you want to use within your current transform
+ example: Existing Transform
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replaceAll
+ type: object
+ required:
+ - table
+ properties:
+ table:
+ type: object
+ additionalProperties: true
+ description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.'
+ example:
+ '-': ' '
+ '"': ''''
+ ñ: 'n'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: replace
+ type: object
+ required:
+ - regex
+ - replacement
+ properties:
+ regex:
+ type: string
+ description: This can be a string or a regex pattern in which you want to replace.
+ example: '[^a-zA-Z]'
+ externalDocs:
+ description: Regex Builder
+ url: 'https://regex101.com/'
+ replacement:
+ type: string
+ description: This is the replacement string that should be substituded wherever the string or pattern is found.
+ example: ' '
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: rightPad
+ type: object
+ required:
+ - length
+ properties:
+ length:
+ type: string
+ description: An integer value for the desired length of the final output string
+ example: '4'
+ padding:
+ type: string
+ description: |
+ A string value representing the character that the incoming data should be padded with to get to the desired length
+
+
+ If not provided, the transform will default to a single space (" ") character for padding
+ example: '0'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: split
+ type: object
+ required:
+ - delimiter
+ - index
+ properties:
+ delimiter:
+ type: string
+ description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data'
+ example: ','
+ index:
+ type: string
+ description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.'
+ example: '5'
+ throws:
+ type: boolean
+ description: |
+ A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
+
+
+ `true` - The transform should return "IndexOutOfBoundsException"
+
+
+ `false` - The transform should return null
+
+
+ If not provided, the transform will default to false and return a null
+ example: true
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: static
+ type: object
+ required:
+ - values
+ properties:
+ values:
+ type: string
+ description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.'
+ example: string$variable
+ externalDocs:
+ description: Static Transform Documentation
+ url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static'
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ - title: substring
+ type: object
+ required:
+ - begin
+ properties:
+ begin:
+ type: integer
+ description: |
+ The index of the first character to include in the returned substring.
+
+
+ If `begin` is set to -1, the transform will begin at character 0 of the input data
+ example: 1
+ format: int32
+ beginOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the begin attribute when returning a substring.
+
+ This attribute is only used if begin is not -1.
+ example: 3
+ format: int32
+ end:
+ type: integer
+ description: |
+ The index of the first character to exclude from the returned substring.
+
+ If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
+ example: 6
+ format: int32
+ endOffset:
+ type: integer
+ description: |
+ This integer value is the number of characters to add to the end attribute when returning a substring.
+
+ This attribute is only used if end is provided and is not -1.
+ example: 1
+ format: int32
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: trim
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: upper
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ input:
+ type: object
+ description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.'
+ additionalProperties: true
+ example:
+ type: accountAttribute
+ attributes:
+ attributeName: first_name
+ sourceName: Source
+ - title: uuid
+ type: object
+ properties:
+ requiresPeriodicRefresh:
+ type: boolean
+ description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
+ example: false
+ default: false
+ internal:
+ type: boolean
+ readOnly: true
+ description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform
+ example: false
+ WorkItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the work item
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterId:
+ type: string
+ description: ID of the requester
+ example: 2c9180835d2e5168015d32f890ca1581
+ requesterDisplayName:
+ type: string
+ description: The displayname of the requester
+ example: John Smith
+ ownerId:
+ type: string
+ description: The ID of the owner
+ example: 2c9180835d2e5168015d32f890ca1581
+ ownerName:
+ type: string
+ description: The name of the owner
+ example: Jason Smith
+ created:
+ type: string
+ format: date-time
+ example: '2017-07-11T18:45:37.098Z'
+ modified:
+ type: string
+ format: date-time
+ example: '2018-06-25T20:22:28.104Z'
+ description:
+ type: string
+ description: The description of the work item
+ example: Create account on source 'AD'
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ type:
+ type: string
+ enum:
+ - UNKNOWN
+ - GENERIC
+ - CERTIFICATION
+ - REMEDIATION
+ - DELEGATION
+ - APPROVAL
+ - VIOLATIONREVIEW
+ - FORM
+ - POLICYVIOLATION
+ - CHALLENGE
+ - IMPACTANALYSIS
+ - SIGNOFF
+ - EVENT
+ - MANUALACTION
+ - TEST
+ remediationItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The ID of the certification
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetId:
+ type: string
+ description: The ID of the certification target
+ example: 2c9180835d2e5168015d32f890ca1581
+ targetName:
+ type: string
+ description: The name of the certification target
+ example: john.smith
+ targetDisplayName:
+ type: string
+ description: The display name of the certification target
+ example: emailAddress
+ applicationName:
+ type: string
+ description: The name of the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute being certified
+ example: phoneNumber
+ attributeOperation:
+ type: string
+ description: The operation of the certification on the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute being certified
+ example: 512-555-1212
+ nativeIdentity:
+ type: string
+ description: The native identity of the target
+ example: jason.smith2
+ approvalItems:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the approval item
+ example: 2c9180835d2e5168015d32f890ca1581
+ account:
+ type: string
+ description: The account referenced by the approval item
+ example: john.smith
+ application:
+ type: string
+ description: The name the application/source
+ example: Active Directory
+ attributeName:
+ type: string
+ description: The name of the attribute
+ example: emailAddress
+ attributeOperation:
+ type: string
+ description: The operation of the attribute
+ example: update
+ attributeValue:
+ type: string
+ description: The value of the attribute
+ example: a@b.com
+ state:
+ type: string
+ enum:
+ - FINISHED
+ - REJECTED
+ - RETURNED
+ - EXPIRED
+ - PENDING
+ - CANCELED
+ name:
+ type: string
+ description: The work item name
+ example: Account Create
+ completed:
+ type: string
+ format: date-time
+ example: '2018-10-19T13:49:37.385Z'
+ numItems:
+ type: integer
+ description: The number of items in the work item
+ example: 19
+ form:
+ type: object
+ properties:
+ id:
+ type: string
+ description: ID of the form
+ example: 2c9180835d2e5168015d32f890ca1581
+ name:
+ type: string
+ description: Name of the form
+ example: AccountSelection Form
+ title:
+ type: string
+ description: The form title
+ example: Account Selection for John.Doe
+ subtitle:
+ type: string
+ description: The form subtitle.
+ example: Please select from the following
+ targetUser:
+ type: string
+ description: The name of the user that should be shown this form
+ example: Jane.Doe
+ sections:
+ type: object
+ allOf:
+ - type: object
+ properties:
+ name:
+ type: string
+ description: Name of the FormItem
+ example: Field1
+ - type: object
+ properties:
+ label:
+ type: string
+ description: Label of the section
+ example: Section 1
+ formItems:
+ type: array
+ items:
+ type: object
+ description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails
+ example: []
+ errors:
+ type: array
+ items:
+ type: string
+ example:
+ - The work item ID that was specified was not found.
+ WorkItemsCount:
+ type: object
+ properties:
+ count:
+ type: integer
+ description: The count of work items
+ example: 29
+ WorkItemsSummary:
+ type: object
+ properties:
+ open:
+ type: integer
+ description: The count of open work items
+ example: 29
+ completed:
+ type: integer
+ description: The count of completed work items
+ example: 1
+ total:
+ type: integer
+ description: The count of total work items
+ example: 30