diff --git a/dereferenced/deref-sailpoint-api.v3.yaml b/dereferenced/deref-sailpoint-api.v3.yaml index 2bb7e79..e14e70a 100644 --- a/dereferenced/deref-sailpoint-api.v3.yaml +++ b/dereferenced/deref-sailpoint-api.v3.yaml 
@@ -164,35 +164,35 @@ tags: description: | Use this API to implement certification campaign functionality. With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use. - Certification campaigns provide IdentityNow (IDN) users with an interactive review process they can use to identify and verify access to systems. + Certification campaigns provide IdentityNow users with an interactive review process they can use to identify and verify access to systems. Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements. - A certification refers to IDN's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These certifications serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers. - Once this campaign has been completed, IDN would provision all the access the user needs, nothing more. + Once this campaign has been completed, IdentityNow would provision all the access the user needs, nothing more. 
- IDN provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns: + IdentityNow provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns: - You can create these types of campaigns without using any search queries in IDN: + You can create these types of campaigns without using any search queries in IdentityNow: - - ManagerCampaign: IDN provides this campaign type as a way to ensure that an identity's access is certified by their managers. + - ManagerCampaign: IdentityNow provides this campaign type as a way to ensure that an identity's access is certified by their managers. You only need to provide a name and description to create one. - - Source Owner Campaign: IDN provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. + - Source Owner Campaign: IdentityNow provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. You only need to provide a name and description to create one. You can specify the sources whose owners you want involved or just run it across all sources. For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html). - One useful way to create certification campaigns in IDN is to use a specific search and then run a campaign on the results returned by that search. + One useful way to create certification campaigns in IdentityNow is to use a specific search and then run a campaign on the results returned by that search. This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns. 
For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified. - You can use IDN search queries to create these types of campaigns: + You can use IdentityNow search queries to create these types of campaigns: - Identities: Use this campaign type to review and revoke access items for specific identities. You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign. @@ -203,7 +203,7 @@ tags: - Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria. You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign. - - Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in IDN. + - Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in IdentityNow. You can use this campaign type to view all the uncorrelated accounts for a source and certify them. For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html). 
@@ -211,7 +211,7 @@ tags: Once you have generated your campaign, it becomes available for preview. An administrator can review the campaign and make changes, or if it's ready and accurate, activate it. - Once the campaign is active, organization administrators or certification administrators can designate other IDN users as certification reviewers. + Once the campaign is active, organization administrators or certification administrators can designate other IdentityNow users as certification reviewers. Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed). When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review. @@ -300,7 +300,7 @@ tags: To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. - During scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. + During scheduled refreshes, IdentityNow evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. If the identities are missing access, IdentityNow provisions that access. Administrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. 
@@ -617,6 +617,24 @@ tags: Depending on the system load, this can take a few seconds to a few minutes. Please keep this latency in mind when you use search. - name: Segments + description: | + Use this API to implement and customize access request segment functionality. + With this functionality in place, administrators can create and manage access request segments. + Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access. + + Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments. + For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location. + The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items. + + In IdentityNow, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page. + This page lists all the existing access request segments, along with their statuses, enabled or disabled. + Administrators can use this page to create, edit, enable, disable, and delete segments. + To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access. + These items can be access profiles, roles, or entitlements. + + When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items. 
+ + Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in IdentityNow. - name: Service Desk Integration description: | Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. @@ -1391,7 +1409,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:read' post: operationId: createAccessProfile @@ -2281,7 +2299,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:manage' '/access-profiles/{id}': get: @@ -2847,7 +2865,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:read' patch: operationId: patchAccessProfile @@ -3530,7 +3548,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:manage' /access-profiles/bulk-delete: post: @@ -3949,7 +3967,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:manage' '/access-profiles/{id}/entitlements': get: @@ -4353,13 +4371,13 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:access-profile:read' /access-requests: post: operationId: createAccessRequest security: - - oauth2: + - UserContextAuth: - 'idn:access-request:manage' summary: Submit an Access Request tags: @@ -4717,7 +4735,7 @@ paths: properties: accountActivityId: type: string - description: ID of the account activity object corresponding to the access request. + description: 'This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId.' example: 2c9180835d2e5168015d32f890ca1581 comment: type: string 
@@ -10369,7 +10387,7 @@ paths: This returns a list of accounts. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:read' parameters: - in: query @@ -10774,7 +10792,7 @@ paths: The `sourceId` where this account will be created must be included in the `attributes` object. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:manage' requestBody: required: true @@ -11040,7 +11058,7 @@ paths: This API returns the details for a single account based on the ID. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:read' parameters: - in: path @@ -11453,7 +11471,7 @@ paths: A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:manage' parameters: - in: path @@ -11804,7 +11822,7 @@ paths: A token with ORG_ADMIN authority is required to call this API. >**NOTE: The PUT Account API is designated only for Delimited File sources.** security: - - oauth2: + - UserContextAuth: - 'idn:accounts:manage' parameters: - in: path @@ -12135,7 +12153,7 @@ paths: This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:manage' parameters: - in: path @@ -12448,7 +12466,7 @@ paths: This API returns entitlements of the account. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts:read' parameters: - in: query 
@@ -12901,7 +12919,7 @@ paths: This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts-state:manage' parameters: - in: path @@ -13214,7 +13232,7 @@ paths: This API submits a task to enable account and returns the task ID. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts-state:manage' parameters: - in: path @@ -13543,7 +13561,7 @@ paths: This API submits a task to disable the account and returns the task ID. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts-state:manage' parameters: - in: path @@ -13872,7 +13890,7 @@ paths: This API submits a task to unlock an account and returns the task ID. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:accounts-state:manage' parameters: - in: path @@ -15424,7 +15442,7 @@ paths: summary: List Campaigns description: Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query. security: - - oauth2: + - UserContextAuth: - 'idn:campaign-list:read' parameters: - in: query @@ -16368,7 +16386,7 @@ paths: summary: Create a campaign description: Creates a new Certification Campaign with the information provided in the request body. security: - - oauth2: + - UserContextAuth: - 'idn:campaign:create' requestBody: required: true @@ -17596,7 +17614,7 @@ paths: summary: Get a campaign description: 'Retrieves information for an existing campaign using the campaign''s ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.' security: - - oauth2: [] + - UserContextAuth: [] parameters: - in: path name: id 
@@ -18006,10 +18024,491 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. + patch: + operationId: updateCampaign + tags: + - Certification Campaigns + summary: Update a Campaign + description: 'Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + security: + - UserContextAuth: + - 'idn:campaign:update' + - 'idn:campaign:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign template being modified. + example: 2c91808571bcfcf80171c23e4b4221fc + requestBody: + required: true + description: | + A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + The fields that can be patched differ based on the status of the campaign. + + In the *STAGED* status, the following fields can be patched: + * name + * description + * recommendationsEnabled + * deadline + * emailNotificationEnabled + * autoRevokeAllowed + + In the *ACTIVE* status, the following fields can be patched: + * deadline + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + 
value: This field has been updated! + - op: copy + from: /name + path: /description + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the campaign''s new representation.' + content: + application/json: + schema: + type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. 
+ readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + examples: + Manager: + value: + id: 2c918086719eec070171a7e3355a360a + name: Manager Review + description: A review of everyone's access by their manager. + deadline: '2020-12-25T06:00:00.123Z' + type: MANAGER + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Search: + value: + id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Source Owner: + value: + id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' + type: SOURCE_OWNER + status: STAGED + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + RoleComposition: + value: + id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + '400': + description: Client Error - Returned if the request body is invalid. 
+ content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. 
+ '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. 
*DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. 
+ causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. 
+ example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. 
'/campaigns/{id}/reassign': post: security: - - oauth2: + - UserContextAuth: - 'idn:certification:write' operationId: move tags: @@ -18448,7 +18947,7 @@ paths: Submits a job to activate the campaign with the given Id. The campaign must be staged. Requires roles of CERT_ADMIN and ORG_ADMIN security: - - oauth2: + - UserContextAuth: - 'idn:campaign:update' requestBody: description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.' @@ -24766,7 +25265,7 @@ paths: This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile. A token with ORG_ADMIN or API authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-lifecycle-state:update' parameters: - in: path @@ -25087,7 +25586,7 @@ paths: This end-point lists all the LifecycleStates associated with IdentityProfiles. A token with API, or ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile-lifecycle-state:read' parameters: - in: path @@ -25477,7 +25976,7 @@ paths: This API creates a new Lifecycle State. A token with ORG_ADMIN or API authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile-lifecycle-state:manage' parameters: - in: path @@ -25926,7 +26425,7 @@ paths: This endpoint retrieves a Lifecycle State. A token with ORG_ADMIN or API authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile-lifecycle-state:read' parameters: - in: path 
@@ -26339,7 +26838,7 @@ paths: This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. A token with ORG_ADMIN or API authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile-lifecycle-state:manage' parameters: - in: path @@ -26828,7 +27327,7 @@ paths: This endpoint deletes the Lifecycle State using it's ID. A token with API, or ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile-lifecycle-state:manage' parameters: - in: path 
@@ -27609,8 +28108,294 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile:read' + /identity-profiles/bulk-delete: + post: + operationId: deleteIdentityProfiles + tags: + - Identity Profiles + summary: Delete Identity Profiles + description: |- + This deletes multiple Identity Profiles via a list of supplied IDs. + + On success, this endpoint will return a reference to the bulk delete task result. + + A token with ORG_ADMIN authority is required to call this API. + + The following rights are required to access this endpoint: idn:identity-profile:delete + requestBody: + description: Identity Profile bulk delete request body. + required: true + content: + application/json: + schema: + description: List of Identity Profile IDs to delete. + type: array + items: + type: string + example: + - 2c9180867b2a34e0017b3078d60b0699 + - 2c9180867b2a34e0017b3078d60b0698 + responses: + '202': + description: Accepted - Returns a TaskResult object referencing the bulk delete job created. + content: + application/json: + schema: + description: An object with a TaskResult reference of the bulk delete job + type: object + properties: + id: + type: string + description: Task identifier + example: ff8081814d977c21014da056804a0af3 + name: + type: string + description: Task name + example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d + description: + type: string + description: Task description + example: 'Generic task for terminating data in the overlay, used by the TerminationService.' 
+ launcher: + type: string + description: User or process who launched the task + example: support + completed: + type: string + format: date-time + description: Date time of completion + example: 'Mon Aug 21 14:57:39 CDT 2023' + launched: + type: string + format: date-time + description: Date time when the task was launched + example: 'Mon Aug 21 14:55:39 CDT 2023' + completionStatus: + type: string + enum: + - Success + - Warning + - Error + - Terminated + - TempError + description: Task result status + example: Success + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. 
+ causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. 
*DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. 
+ content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). 
Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - UserContextAuth: + - 'idn:identity-profile:delete' /identity-profiles/export: get: operationId: exportIdentityProfiles @@ -28099,7 +28884,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile:read' /identity-profiles/import: post: @@ -28663,7 +29448,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile:manage' '/identity-profiles/{identity-profile-id}': get: 
@@ -29110,8 +29895,356 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile:read' + delete: + operationId: deleteIdentityProfile + tags: + - Identity Profiles + summary: Delete an Identity Profile + description: |- + This deletes an Identity Profile based on ID. + + On success, this endpoint will return a reference to the bulk delete task result. + + A token with ORG_ADMIN authority is required to call this API. + + The following rights are required to access this endpoint: idn:identity-profile:delete + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted - Returns a TaskResult object referencing the bulk delete job created. + content: + application/json: + schema: + description: An object with a TaskResult reference of the delete job. + type: object + properties: + id: + type: string + description: Task identifier + example: ff8081814d977c21014da056804a0af3 + name: + type: string + description: Task name + example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d + description: + type: string + description: Task description + example: 'Generic task for terminating data in the overlay, used by the TerminationService.' 
+ launcher: + type: string + description: User or process who launched the task + example: support + completed: + type: string + format: date-time + description: Date time of completion + example: 'Mon Aug 21 14:57:39 CDT 2023' + launched: + type: string + format: date-time + description: Date time when the task was launched + example: 'Mon Aug 21 14:55:39 CDT 2023' + completionStatus: + type: string + enum: + - Success + - Warning + - Error + - Terminated + - TempError + description: Task result status + example: Success + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. 
+ causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. 
*DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. 
+ example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. 
+ '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' 
+ example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - UserContextAuth: + - 'idn:identity-profile:delete' '/identity-profiles/{identity-profile-id}/default-identity-attribute-config': get: operationId: getDefaultIdentityAttributeConfig 
@@ -29452,8 +30585,315 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:identity-profile:manage' + '/identity-profiles/{identity-profile-id}/process-identities': + post: + operationId: syncIdentityProfile + tags: + - Identity Profiles + summary: Process identities under profile + description: |- + Process identities under the profile + + A token with ORG_ADMIN authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID to be processed + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Accepted status after refresh has launched + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. 
+ example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' 
+ example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. 
+ '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' 
+ example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. 
+ example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - UserContextAuth: + - 'idn:identity-profile:refresh' /non-employee-records: post: operationId: createNonEmployeeRecord @@ -29808,7 +31248,7 @@ paths: get: operationId: listNonEmployeeRecords security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: List Non-Employee Records @@ -30450,7 +31890,7 @@ paths: put: operationId: updateNonEmployeeRecord security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Update Non-Employee Record @@ -30880,7 +32320,7 @@ paths: patch: operationId: patchNonEmployeeRecord security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Patch Non-Employee Record 
@@ -31764,7 +33204,7 @@ paths: post: operationId: createNonEmployeeRequest security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Create Non-Employee Request @@ -32242,7 +33682,7 @@ paths: get: operationId: listNonEmployeeRequests security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: List Non-Employee Requests @@ -32707,7 +34147,7 @@ paths: get: operationId: getNonEmployeeRequest security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get a Non-Employee Request @@ -33482,7 +34922,7 @@ paths: get: operationId: getNonEmployeeRequestSummary security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get Summary of Non-Employee Requests @@ -34103,7 +35543,7 @@ paths: get: operationId: listNonEmployeeSources security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: List Non-Employee Sources @@ -34471,7 +35911,7 @@ paths: get: operationId: getNonEmployeeSource security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get a Non-Employee Source @@ -35655,7 +37095,7 @@ paths: post: operationId: importNonEmployeeRecordsInBulk security: - - oauth2: + - UserContextAuth: - 'idn:nelm:manage' tags: - Non-Employee Lifecycle Management @@ -36555,7 +37995,7 @@ paths: get: operationId: listNonEmployeeApprovals security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get List of Non-Employee Approval Requests @@ -36933,7 +38373,7 @@ paths: get: operationId: getNonEmployeeApproval security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get a non-employee approval item detail 
@@ -37416,7 +38856,7 @@ paths: post: operationId: approveNonEmployeeRequest security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Approve a Non-Employee Request @@ -37746,7 +39186,7 @@ paths: post: operationId: rejectNonEmployeeRequest security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Reject a Non-Employee Request @@ -38078,7 +39518,7 @@ paths: get: operationId: getNonEmployeeApprovalSummary security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get Summary of Non-Employee Approval Requests @@ -38334,7 +39774,7 @@ paths: get: operationId: getNonEmployeeSourceSchemaAttributes security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: List Schema Attributes Non-Employee Source @@ -39242,7 +40682,7 @@ paths: get: operationId: getNonEmployeeSchemaAttribute security: - - oauth2: [] + - UserContextAuth: [] tags: - Non-Employee Lifecycle Management summary: Get Schema Attribute Non-Employee Source @@ -40180,7 +41620,7 @@ paths: get: operationId: listOauthClients security: - - oauth2: + - UserContextAuth: - 'sp:oauth-client:manage' tags: - OAuth Clients @@ -40554,7 +41994,7 @@ paths: post: operationId: createOauthClient security: - - oauth2: + - UserContextAuth: - 'sp:oauth-client:manage' tags: - OAuth Clients @@ -41017,7 +42457,7 @@ paths: get: operationId: getOauthClient security: - - oauth2: + - UserContextAuth: - 'sp:oauth-client:manage' - 'sp:oauth-client:read' tags: @@ -41452,7 +42892,7 @@ paths: delete: operationId: deleteOauthClient security: - - oauth2: + - UserContextAuth: - 'sp:oauth-client:manage' tags: - OAuth Clients @@ -41750,7 +43190,7 @@ paths: patch: operationId: patchOauthClient security: - - oauth2: + - UserContextAuth: - 'sp:oauth-client:manage' tags: - OAuth Clients 
@@ -42254,7 +43694,7 @@ paths: summary: Get Password Sync Group List description: This API returns a list of password sync groups. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-sync-group-management:read' parameters: - in: query @@ -42543,7 +43983,7 @@ paths: summary: Create Password Sync Group description: This API creates a password sync group based on the specifications provided. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-sync-group-management:write' requestBody: required: true @@ -42832,7 +44272,7 @@ paths: summary: Get Password Sync Group by ID description: This API returns the sync group for the specified ID. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-sync-group-management:read' parameters: - in: path @@ -43162,7 +44602,7 @@ paths: summary: Update Password Sync Group by ID description: This API updates the specified password sync group. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-sync-group-management:write' parameters: - in: path @@ -43526,7 +44966,7 @@ paths: summary: Delete Password Sync Group by ID description: This API deletes the specified password sync group. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-sync-group-management:write' parameters: - in: path @@ -43754,7 +45194,7 @@ paths: get: operationId: listPersonalAccessTokens security: - - oauth2: + - UserContextAuth: - 'sp:my-personal-access-tokens:read' - 'sp:my-personal-access-tokens:manage' - 'sp:all-personal-access-tokens:read' 
@@ -44091,7 +45531,7 @@ paths: post: operationId: createPersonalAccessToken security: - - oauth2: + - UserContextAuth: - 'sp:my-personal-access-tokens:manage' - 'sp:all-personal-access-tokens:manage' tags: @@ -44425,7 +45865,7 @@ paths: patch: operationId: patchPersonalAccessToken security: - - oauth2: + - UserContextAuth: - 'sp:my-personal-access-tokens:manage' tags: - Personal Access Tokens @@ -44863,7 +46303,7 @@ paths: delete: operationId: deletePersonalAccessToken security: - - oauth2: + - UserContextAuth: - 'sp:my-personal-access-tokens:manage' - 'sp:all-personal-access-tokens:manage' tags: @@ -47413,7 +48853,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:role-unchecked:read' - 'idn:role-unchecked:manage' - 'idn:role-checked:manage' @@ -48523,7 +49963,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:role-unchecked:manage' - 'idn:role-checked:manage' '/roles/{id}': @@ -49198,7 +50638,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:role-unchecked:read' - 'idn:role-unchecked:manage' - 'idn:role-checked:manage' @@ -49970,7 +51410,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:role-unchecked:manage' - 'idn:role-checked:manage' '/roles/{id}/assigned-identities': @@ -50298,7 +51738,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:role-unchecked:read' - 'idn:role-unchecked:manage' - 'idn:role-checked:manage' 
@@ -66398,16 +67838,14 @@ paths: post: operationId: createSegment security: - - oauth2: + - UserContextAuth: - 'idn:segment:manage' tags: - Segments summary: Create Segment description: |- - This API creates a segment. - - Note that segment definitions may take time to propagate to all identities. - + This API creates a segment. + >**Note:** Segment definitions may take time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API. requestBody: required: true @@ -66872,14 +68310,14 @@ paths: get: operationId: listSegments security: - - oauth2: + - UserContextAuth: - 'idn:segment:read' - 'idn:segment:manage' tags: - Segments summary: List Segments description: |- - This API returns a list of all segments. + This API returns a list of all segments. A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: query @@ -66922,7 +68360,7 @@ paths: default: false responses: '200': - description: List of all Segments + description: List of all segments content: application/json: schema: @@ -67262,15 +68700,14 @@ paths: get: operationId: getSegment security: - - oauth2: + - UserContextAuth: - 'idn:segment:read' - 'idn:segment:manage' tags: - Segments - summary: Get a Segment by ID + summary: Get Segment by ID description: |- This API returns the segment specified by the given ID. - A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path @@ -67278,7 +68715,7 @@ paths: schema: type: string required: true - description: The ID of the Segment to retrieve. + description: The segment ID to retrieve. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': 
@@ -67686,16 +69123,14 @@ paths: delete: operationId: deleteSegment security: - - oauth2: + - UserContextAuth: - 'idn:segment:manage' tags: - Segments summary: Delete Segment by ID description: |- This API deletes the segment specified by the given ID. - - Note that segment deletion may take some time to become effective. - + >**Note:** that segment deletion may take some time to become effective. A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path @@ -67703,7 +69138,7 @@ paths: schema: type: string required: true - description: The ID of the Segment to delete. + description: The segment ID to delete. example: ef38f94347e94562b5bb8424a56397d8 responses: '204': @@ -67989,16 +69424,14 @@ paths: patch: operationId: patchSegment security: - - oauth2: + - UserContextAuth: - 'idn:segment:manage' tags: - Segments - summary: Update a Segment + summary: Update Segment description: |- - Allows updating Segment fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - - Note that changes to a segment may take some time to propagate to all identities, and that segments will have no effect if segmentation is not enabled for your org. - + Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + >**Note:** Changes to a segment may take some time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API. parameters: - in: path 
@@ -68006,13 +69439,12 @@ paths: schema: type: string required: true - description: The ID of the Segment being modified. + description: The segment ID to modify. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | - A list of Segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - + A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name @@ -68048,7 +69480,7 @@ paths: value: HR responses: '200': - description: 'Indicates the PATCH operation succeeded, and returns the Segment''s new representation.' + description: 'Indicates the PATCH operation succeeded, and returns the segment''s new representation.' content: application/json: schema: @@ -69150,7 +70582,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:read' - 'idn:service-desk-integration:read' post: @@ -70120,7 +71552,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:manage' - 'idn:service-desk-integration:manage' '/service-desk-integrations/{id}': @@ -70760,7 +72192,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:read' - 'idn:service-desk-integration:read' put: @@ -71740,7 +73172,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:manage' - 'idn:service-desk-integration:manage' delete: @@ -72041,7 +73473,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:manage' - 'idn:service-desk-integration:manage' patch: 
@@ -72742,7 +74174,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:manage' - 'idn:service-desk-integration:manage' /service-desk-integrations/types: @@ -73057,7 +74489,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:read' - 'idn:service-desk-integration:read' '/service-desk-integrations/templates/{scriptName}': @@ -73501,7 +74933,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:read' - 'idn:service-desk-integration:read' /service-desk-integrations/status-check-configuration: @@ -73810,7 +75242,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:read' - 'idn:service-desk-integration:read' put: @@ -74138,7 +75570,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:service-desk-admin:manage' - 'idn:service-desk-integration:manage' /query-password-info: @@ -75075,7 +76507,7 @@ paths: This gets password dictionary for the organization. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-dictionary-management:read' responses: '200': @@ -75400,7 +76832,7 @@ paths: This updates password dictionary for the organization. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:password-dictionary:manage' requestBody: required: true @@ -75733,7 +77165,7 @@ paths: summary: Get Password Org Config description: 'This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of ''idn:password-org-config:read''' security: - - oauth2: + - UserContextAuth: - 'idn:password-org-config:read' responses: '200': 
@@ -76293,7 +77725,7 @@ paths: To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true". Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write' security: - - oauth2: + - UserContextAuth: - 'idn:password-org-config:write' requestBody: required: true @@ -76586,7 +78018,7 @@ paths: /sod-policies: post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: createSodPolicy tags: @@ -77482,7 +78914,7 @@ paths: text: An internal fault occurred. get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:read' operationId: listSodPolicies tags: @@ -78100,7 +79532,7 @@ paths: '/sod-policies/{id}': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:read' operationId: getSodPolicy tags: @@ -78739,7 +80171,7 @@ paths: text: An internal fault occurred. put: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: setSodPolicy tags: @@ -79709,7 +81141,7 @@ paths: text: An internal fault occurred. delete: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: deleteSodPolicy tags: @@ -80017,7 +81449,7 @@ paths: text: An internal fault occurred. patch: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: patchSodPolicy tags: @@ -80733,7 +82165,7 @@ paths: '/sod-policies/{id}/evaluate': post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:write' operationId: startEvaluateSodPolicy tags: @@ -81030,7 +82462,7 @@ paths: '/sod-policies/{id}/schedule': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:read' operationId: getSodPolicySchedule tags: @@ -81471,7 +82903,7 @@ paths: text: An internal fault occurred. put: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: setPolicySchedule tags: 
@@ -82124,7 +83556,7 @@ paths: text: An internal fault occurred. delete: security: - - oauth2: + - UserContextAuth: - 'idn:sod-policy:write' operationId: deleteSodPolicySchedule tags: @@ -82423,7 +83855,7 @@ paths: '/sod-policies/{id}/violation-report/run': post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:write' operationId: startSodPolicy tags: @@ -82787,7 +84219,7 @@ paths: '/sod-policies/{id}/violation-report': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: getSodViolationReportStatus tags: @@ -83151,7 +84583,7 @@ paths: '/sod-policies/sod-violation-report-status/{reportResultId}': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: getSodViolationReportRunStatus tags: @@ -83515,7 +84947,7 @@ paths: /sod-violations/predict: post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: startPredictSodViolations tags: @@ -84116,7 +85548,7 @@ paths: /sod-violations/check: post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: startViolationCheck tags: @@ -84511,7 +85943,7 @@ paths: /sod-violation-report/run: post: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:write' operationId: startSodAllPoliciesForOrg tags: @@ -84819,7 +86251,7 @@ paths: /sod-violation-report: get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: getSodAllReportRunStatus tags: @@ -85108,7 +86540,7 @@ paths: '/sod-violation-report/{reportResultId}/download': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: getDefaultViolationReport tags: @@ -85412,7 +86844,7 @@ paths: '/sod-violation-report/{reportResultId}/download/{fileName}': get: security: - - oauth2: + - UserContextAuth: - 'idn:sod-violation:read' operationId: getCustomViolationReport tags: 
@@ -85724,7 +87156,7 @@ paths: get: operationId: listSources security: - - oauth2: + - UserContextAuth: - 'idn:sources:read' tags: - Sources @@ -86438,7 +87870,7 @@ paths: post: operationId: createSource security: - - oauth2: + - UserContextAuth: - 'idn:sources:manage' tags: - Sources @@ -87356,7 +88788,7 @@ paths: get: operationId: getSource security: - - oauth2: + - UserContextAuth: - 'idn:sources:read' tags: - Sources @@ -87997,7 +89429,7 @@ paths: put: operationId: putSource security: - - oauth2: + - UserContextAuth: - 'idn:sources:manage' tags: - Sources @@ -88994,7 +90426,7 @@ paths: patch: operationId: updateSource security: - - oauth2: + - UserContextAuth: - 'idn:sources:manage' tags: - Sources @@ -89736,7 +91168,7 @@ paths: delete: operationId: deleteSource security: - - oauth2: + - UserContextAuth: - 'idn:sources:manage' tags: - Sources @@ -90070,7 +91502,7 @@ paths: This end-point lists all the ProvisioningPolicies in IdentityNow. A token with API, or ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:read' - 'idn:provisioning-policy:manage' parameters: @@ -90452,7 +91884,7 @@ paths: Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. A token with ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:manage' parameters: - in: path @@ -90977,7 +92409,7 @@ paths: This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:read' - 'idn:provisioning-policy-source:read' - 'idn:provisioning-policy:manage' 
@@ -91386,7 +92818,7 @@ paths: Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:manage' - 'idn:provisioning-policy-source-admin-operations:manage' parameters: @@ -91871,7 +93303,7 @@ paths: Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/idn/docs/transforms/guides/transforms-in-provisioning-policies) for more information. A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:update' parameters: - in: path @@ -92332,7 +93764,7 @@ paths: Deletes the provisioning policy with the specified usage on an application. A token with API, or ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:manage' parameters: - in: path @@ -92659,7 +94091,7 @@ paths: This end-point updates a list of provisioning policies on the specified source in IdentityNow. A token with API, or ORG_ADMIN authority is required to call this API. security: - - oauth2: + - UserContextAuth: - 'idn:provisioning-policy:manage' parameters: - in: path @@ -96245,7 +97677,7 @@ paths: get: operationId: getSourceHealth security: - - oauth2: + - UserContextAuth: - 'idn:sources:read' tags: - Sources @@ -96900,7 +98332,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:source-schema:read' post: tags: @@ -97332,7 +98764,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:source-schema:manage' '/sources/{id}/schemas/entitlements': get: 
@@ -97643,7 +99075,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:source-schema:read' post: tags: @@ -98081,13 +99513,13 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:source-schema:manage' '/sources/{sourceId}/upload-connector-file': post: operationId: importConnectorFile security: - - oauth2: + - UserContextAuth: - 'idn:sources-admin:manage' tags: - Sources @@ -98672,7 +100104,7 @@ paths: get: operationId: listTaggedObjects security: - - oauth2: + - UserContextAuth: - 'idn:tag:read' - 'idn:tag:manage' tags: @@ -99014,7 +100446,7 @@ paths: post: operationId: setTagToObject security: - - oauth2: + - UserContextAuth: - 'idn:tag:manage' tags: - Tagged Objects @@ -99301,7 +100733,7 @@ paths: get: operationId: listTaggedObjectsByType security: - - oauth2: + - UserContextAuth: - 'idn:tag:read' - 'idn:tag:manage' tags: @@ -99653,7 +101085,7 @@ paths: get: operationId: getTaggedObject security: - - oauth2: + - UserContextAuth: - 'idn:tag:read' - 'idn:tag:manage' tags: @@ -99954,7 +101386,7 @@ paths: put: operationId: putTaggedObject security: - - oauth2: + - UserContextAuth: - 'idn:tag:manage' tags: - Tagged Objects @@ -100314,7 +101746,7 @@ paths: delete: operationId: deleteTaggedObject security: - - oauth2: + - UserContextAuth: - 'idn:tag:manage' tags: - Tagged Objects @@ -100557,7 +101989,7 @@ paths: post: operationId: setTagsToManyObjects security: - - oauth2: + - UserContextAuth: - 'idn:tag:manage' tags: - Tagged Objects @@ -100929,7 +102361,7 @@ paths: post: operationId: deleteTagsToManyObject security: - - oauth2: + - UserContextAuth: - 'idn:tag:manage' tags: - Tagged Objects @@ -102989,7 +104421,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:transform:read' post: tags: 
@@ -106078,7 +107510,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:transform:update' '/transforms/{id}': get: @@ -107776,7 +109208,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:transform:read' put: tags: @@ -110884,7 +112316,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:transform:manage' delete: tags: @@ -111186,7 +112618,7 @@ paths: localeOrigin: DEFAULT text: An internal fault occurred. security: - - oauth2: + - UserContextAuth: - 'idn:transform:manage' /work-items: get: 
@@ -116444,14 +117876,406 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. + '/campaigns/{id}/reports': + get: + operationId: getCampaignReports + tags: + - Certification Campaigns + summary: Get Campaign Reports + description: |- + Fetches all reports for a certification campaign by campaign ID. + Requires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN + security: + - UserContextAuth: + - 'idn:campaign-report:read' + parameters: + - in: path + name: campaignId + schema: + type: string + example: 2c91808571bcfcf80171c23e4b4221fc + required: true + description: The ID of the campaign for which reports are being fetched. + responses: + '200': + description: Array of campaign report objects. + content: + application/json: + schema: + type: array + items: + type: object + title: Campaign Report + required: + - reportType + allOf: + - allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + properties: + status: + type: string + description: Status of a violation report + enum: + - SUCCESS + - WARNING + - ERROR + - TERMINATED + - TEMP_ERROR + - PENDING + example: PENDING + - type: object + properties: + reportType: + 
type: string + description: type of a Report + enum: + - CAMPAIGN_COMPOSITION_REPORT + - CAMPAIGN_REMEDIATION_STATUS_REPORT + - CAMPAIGN_STATUS_REPORT + - CERTIFICATION_SIGNOFF_REPORT + example: CAMPAIGN_COMPOSITION_REPORT + lastRunAt: + type: string + readOnly: true + format: date-time + description: The most recent date and time this report was run + example: + type: REPORT_RESULT + id: 2c91808568c529c60168cca6f90c1313 + name: Campaign Composition Report + status: SUCCESS + reportType: CAMPAIGN_COMPOSITION_REPORT + lastRunAt: '2019-12-19T13:49:37.385Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. 
+ causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. 
*DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. 
+ example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. 
+ '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' 
+ example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. security: - - oauth2: [] + - UserContextAuth: [] components: securitySchemes: - oauth2: + UserContextAuth: type: oauth2 description: | - OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. + OAuth2 Bearer token (JWT) generated using either a Personal Access token or through the Authorization Code flow. + See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. - Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) - Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) - Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) 
@@ -116471,6 +118295,21 @@ components: scopes: 'sp:scopes:default': default scope 'sp:scopes:all': access to all scopes + ApplicationOnlyAuth: + type: oauth2 + description: | + OAuth2 Bearer token (JWT) generated using client credentials flow. + See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. + - Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + + Which authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use) + + Learn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details) + flows: + clientCredentials: + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope schemas: AccessRequest: type: object
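Review bot: In the added 403, 404 and 500 response schemas, the property-level examples for `detailCode` and `text` are the 400 values (`example: 400.1 Bad Request Content`, "The request was syntactically correct but its content is semantically invalid."), which contradicts the response-level examples in the same blocks (`403 Forbidden`, `404 Not found`, `500.0 Internal Fault`). Tools that render property examples will show a 400 code on a 403, 404 or 500 body, so make the property examples status-neutral or drop them and rely on the per-status `examples` entries. In the same hunk, the `error` property of the 401 schema and the `message` property of the 429 schema have no `type: string`, and the 429 example `' Rate Limit Exceeded '` carries leading and trailing spaces; if the service does not actually return that padding, trim it so consumers do not string-match on it.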
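Review bot: `ApplicationOnlyAuth` is added under `securitySchemes` in the second hunk (`@@ -116471,6 +118295,21 @@`), but the top-level `security` requirement changed earlier in this patch lists only `- UserContextAuth: []`, so any operation without its own `security` block is now documented as accepting user-context tokens only. Please confirm that each operation meant to accept client-credentials tokens declares `ApplicationOnlyAuth` explicitly, and that operations needing a user context do not list it. The new scheme also offers only `'sp:scopes:default'`, while the context lines above it show `'sp:scopes:all'` on the neighboring scheme; if that narrower scope set is intentional, say so in the scheme description so integrators do not assume the two schemes are interchangeable.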