LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-09 12:27:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into devrel-2115

Browse Source
This commit is contained in:
darrell-thobe-sp
2025-05-01 20:23:31 -04:00
parent a0d08e44d1 60f3f8f999
commit 62e2363f5f
787 changed files with 23630 additions and 10489 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/api/api-versioning-strategy.md
View File

@@ -88,17 +88,17 @@ If you attempt to invoke an experimental API without specifying the `X-SailPoint
## Release schedule
SailPoint will introduce an annual release which includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
SailPoint will introduce an annual release that includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
Each annual release will be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. This experimental release will be named after the next year. For example, if the current year is 2025, the experimental version will be named v2026. Any breaking changes to public endpoints in a public version throughout the year will be introduced in the experimental version.
Each annual release may be accompanied by an experimental release if it introduces at least one breaking change. For example, if the annual release is v2025 and includes breaking changes, those changes will be introduced as experimental APIs in v2026.
When a new annual release is introduced, non-deprecated endpoints will generally be transferred to the new release without modifications. As a result, the same endpoint will usually be able to be accessed via both the old and new versions. Only the latest public release will receive new functionality. If at anytime throughout the year a experimental API is deemed ready for production, it will be released into the current years public version, but not previous years.
Annual release versions will typically be supported for 3 years and then remain operational for an additional 2-year transition period, unless otherwise noted or an exception applies. Customers will be expected to move to the latest public release during those two years. Customers seeking support for an annual release that is over 3 years old will be asked to transition to a newer version.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. The blue bars represent experimental releases which are available for one year in the preview state before being changed to a production release.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. During each calendar years main release (e.g., v2025), an optional experimental release may be introduced in preparation for the following years version (e.g., v2026). Blue bars on the timeline represent these experimental releases. For example, in 2025, if breaking changes are required for a public api, an experimental version (v2026) of the api may be published during the v2025 cycle.
![Versioning Timeline](./img/api-versioning-timeline.jpg)
![Versioning Timeline](./img/api-versioning-timeline.png)
## Deprecations

2
docs/api/authorization.md
View File

@@ -90,7 +90,7 @@ SailPoint is working to define scopes for every endpoint, but you may encounter
## Assigning Scopes with the UI
When you create a PAT in the UI, you can apply scopes to the token. More information on how to do this will be added in the near future.
When you generate a PAT with the UI, a list of scopes available to you will display in the window. To apply the desired scopes to your PAT, toggle them on before you select 'Create'. To learn more about generating a PAT and assigning scopes, refer to [Managing API Keys and Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/api_keys.html).
## Assigning Scopes with the API

6
docs/api/beta/api-versioning-strategy.md
View File

@@ -90,15 +90,15 @@ If you attempt to invoke an experimental API without specifying the `X-SailPoint
SailPoint will introduce an annual release which includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
Each annual release will be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. This experimental release will be named after the next year. For example, if the current year is 2025, the experimental version will be named v2026. Any breaking changes to public endpoints in a public version throughout the year will be introduced in the experimental version.
Each annual release may be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. For example, if the annual release is v2025 and breaking changes would be introduced, those breaking changes will be introduced as v2026 experimental APIs.
When a new annual release is introduced, non-deprecated endpoints will generally be transferred to the new release without modifications. As a result, the same endpoint will usually be able to be accessed via both the old and new versions. Only the latest public release will receive new functionality. If at anytime throughout the year a experimental API is deemed ready for production, it will be released into the current years public version, but not previous years.
Annual release versions will typically be supported for 3 years and then remain operational for an additional 2-year transition period, unless otherwise noted or an exception applies. Customers will be expected to move to the latest public release during those two years. Customers seeking support for an annual release that is over 3 years old will be asked to transition to a newer version.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. The blue bars represent experimental releases which are available for one year in the preview state before being changed to a production release.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. During each calendar years main release (e.g., v2025), an optional experimental release may be introduced in preparation for the following years version (e.g., v2026). Blue bars on the timeline represent these experimental releases. For example, in 2025, if breaking changes are required for a public api, an experimental version (v2026) of the api may be published during the v2025 cycle.
![Versioning Timeline](../img/api-versioning-timeline.jpg)
![Versioning Timeline](../img/api-versioning-timeline.png)
## Deprecations

BIN
docs/api/img/api-versioning-timeline.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 630 KiB

BIN
docs/api/img/api-versioning-timeline.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 181 KiB

8
docs/api/v2024/api-versioning-strategy.md
View File

@@ -88,17 +88,17 @@ If you attempt to invoke an experimental API without specifying the `X-SailPoint
## Release schedule
SailPoint will introduce an annual release which includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
SailPoint will introduce an annual release that includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
Each annual release will be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. This experimental release will be named after the next year. For example, if the current year is 2025, the experimental version will be named v2026. Any breaking changes to public endpoints in a public version throughout the year will be introduced in the experimental version.
Each annual release may be accompanied by an experimental release if it introduces at least one breaking change. For example, if the annual release is v2025 and includes breaking changes, those changes will be introduced as experimental APIs in v2026.
When a new annual release is introduced, non-deprecated endpoints will generally be transferred to the new release without modifications. As a result, the same endpoint will usually be able to be accessed via both the old and new versions. Only the latest public release will receive new functionality. If at anytime throughout the year a experimental API is deemed ready for production, it will be released into the current years public version, but not previous years.
Annual release versions will typically be supported for 3 years and then remain operational for an additional 2-year transition period, unless otherwise noted or an exception applies. Customers will be expected to move to the latest public release during those two years. Customers seeking support for an annual release that is over 3 years old will be asked to transition to a newer version.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. The blue bars represent experimental releases which are available for one year in the preview state before being changed to a production release.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. During each calendar years main release (e.g., v2025), an optional experimental release may be introduced in preparation for the following years version (e.g., v2026). Blue bars on the timeline represent these experimental releases. For example, in 2025, if breaking changes are required for a public api, an experimental version (v2026) of the api may be published during the v2025 cycle.
![Versioning Timeline](../img/api-versioning-timeline.jpg)
![Versioning Timeline](../img/api-versioning-timeline.png)
## Deprecations

8
docs/api/v2025/api-versioning-strategy.md
View File

@@ -88,17 +88,17 @@ If you attempt to invoke an experimental API without specifying the `X-SailPoint
## Release schedule
SailPoint will introduce an annual release which includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
SailPoint will introduce an annual release that includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
Each annual release will be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. This experimental release will be named after the next year. For example, if the current year is 2025, the experimental version will be named v2026. Any breaking changes to public endpoints in a public version throughout the year will be introduced in the experimental version.
Each annual release may be accompanied by an experimental release if it introduces at least one breaking change. For example, if the annual release is v2025 and includes breaking changes, those changes will be introduced as experimental APIs in v2026.
When a new annual release is introduced, non-deprecated endpoints will generally be transferred to the new release without modifications. As a result, the same endpoint will usually be able to be accessed via both the old and new versions. Only the latest public release will receive new functionality. If at anytime throughout the year a experimental API is deemed ready for production, it will be released into the current years public version, but not previous years.
Annual release versions will typically be supported for 3 years and then remain operational for an additional 2-year transition period, unless otherwise noted or an exception applies. Customers will be expected to move to the latest public release during those two years. Customers seeking support for an annual release that is over 3 years old will be asked to transition to a newer version.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. The blue bars represent experimental releases which are available for one year in the preview state before being changed to a production release.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. During each calendar years main release (e.g., v2025), an optional experimental release may be introduced in preparation for the following years version (e.g., v2026). Blue bars on the timeline represent these experimental releases. For example, in 2025, if breaking changes are required for a public api, an experimental version (v2026) of the api may be published during the v2025 cycle.
![Versioning Timeline](../img/api-versioning-timeline.jpg)
![Versioning Timeline](../img/api-versioning-timeline.png)
## Deprecations

8
docs/api/v3/api-versioning-strategy.md
View File

@@ -88,17 +88,17 @@ If you attempt to invoke an experimental API without specifying the `X-SailPoint
## Release schedule
SailPoint will introduce an annual release which includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
SailPoint will introduce an annual release that includes both public and experimental APIs. Each yearly version will be named according to its release year. For instance, if the release occurs in 2025, the version will be designated as v2025.
Each annual release will be accompanied by an experimental release if there is at least one breaking change introduced in the current annual release. This experimental release will be named after the next year. For example, if the current year is 2025, the experimental version will be named v2026. Any breaking changes to public endpoints in a public version throughout the year will be introduced in the experimental version.
Each annual release may be accompanied by an experimental release if it introduces at least one breaking change. For example, if the annual release is v2025 and includes breaking changes, those changes will be introduced as experimental APIs in v2026.
When a new annual release is introduced, non-deprecated endpoints will generally be transferred to the new release without modifications. As a result, the same endpoint will usually be able to be accessed via both the old and new versions. Only the latest public release will receive new functionality. If at anytime throughout the year a experimental API is deemed ready for production, it will be released into the current years public version, but not previous years.
Annual release versions will typically be supported for 3 years and then remain operational for an additional 2-year transition period, unless otherwise noted or an exception applies. Customers will be expected to move to the latest public release during those two years. Customers seeking support for an annual release that is over 3 years old will be asked to transition to a newer version.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. The blue bars represent experimental releases which are available for one year in the preview state before being changed to a production release.
The following image demonstrates the support model for public and experimental releases. The green bars represent how long an annual release version will be supported by our support team. When a annual release is older than three years, it may still remain operational, but it is no longer supported. During each calendar years main release (e.g., v2025), an optional experimental release may be introduced in preparation for the following years version (e.g., v2026). Blue bars on the timeline represent these experimental releases. For example, in 2025, if breaking changes are required for a public api, an experimental version (v2026) of the api may be published during the v2025 cycle.
![Versioning Timeline](../img/api-versioning-timeline.jpg)
![Versioning Timeline](../img/api-versioning-timeline.png)
## Deprecations

17
docs/connectivity/saas-connectivity/connector-commands/entitlement-list.md
View File

@@ -18,7 +18,15 @@ tags: ['Connectivity', 'Connector Command']
```javascript
{
"type": "group"
"type": "group",
"stateful": "true",
"state": {
"date": "4/23/2024"
},
"schema": {
"type": "string",
"includePermissions": true
}
}
```
@@ -33,10 +41,15 @@ tags: ['Connectivity', 'Connector Command']
}
},
"type": "group",
"deleted": false,
"attributes": {
"id": "administrator",
"name": "Administrator"
}
},
"permissions": [
"target": "SYSADMIN",
"rights": "useAccounts,retrieveAccounts"
]
}
```

13
docs/connectivity/saas-connectivity/connector-commands/entitlement-read.md
View File

@@ -32,7 +32,11 @@ To use this command, you must specify this value in the `commands` array: `std:e
"id": "john.doe"
}
},
"type": "group"
"type": "group",
"schema": {
"type": "string",
"includePermissions": true
}
}
```
@@ -47,10 +51,15 @@ To use this command, you must specify this value in the `commands` array: `std:e
}
},
"type": "group",
"deleted": false,
"attributes": {
"id": "administrator",
"name": "Administrator"
}
},
"permissions": [
"target": "SYSADMIN",
"rights": "useAccounts,retrieveAccounts"
]
}
```

2
docs/connectivity/saas-connectivity/connector-commands/index.md
View File

@@ -3,7 +3,7 @@ id: connector-commands
title: Connector Commands
pagination_label: Connector Commands
sidebar_label: Connector Commands
sidebar_position: 7
sidebar_position: 8
sidebar_class_name: connectorCommands
keywords: ['connectivity', 'connector', 'commands']
description: All commands available to implement in a SaaS Connector.

2
docs/connectivity/saas-connectivity/connector-customizers/index.md
View File

@@ -3,7 +3,7 @@ id: connectivity-customizers
title: Connectivity Customizers
pagination_label: Connectivity Customizers
sidebar_label: Customizers
sidebar_position: 7.1
sidebar_position: 8.1
sidebar_class_name: saasConnectivity
keywords: ['connectivity', 'connectors', customizers]
description: Connectivity customizers can customize out of the box SaaS connectors.

BIN
docs/connectivity/saas-connectivity/img/Solution_Brief_ZKE_Figure1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
docs/connectivity/saas-connectivity/img/Solution_Brief_ZKE_Figure2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

2
docs/connectivity/saas-connectivity/index.md
View File

@@ -45,6 +45,6 @@ With both SaaS connectivity and traditional VA connectivity in place, you can ha
## Connectivity Encryption
Any direct connectors that specify a virtual appliance (VA) use [Zero Knowledge Encryption](https://community.sailpoint.com/t5/Lighthouse/Protecting-Sensitive-Data-with-Zero-Knowledge-Encryption/ta-p/79657?attachment-id=452) schemes with an RSA 2048-bit asymmetric key pair: there is a private key on the VA for decryption and a public key in the cloud (as part of the VA cluster) for encryption.
Any direct connectors that specify a virtual appliance (VA) use [Zero Knowledge Encryption](https://community.sailpoint.com/t5/Lighthouse/Protecting-Sensitive-Data-with-Zero-Knowledge-Encryption/ta-p/79657?attachment-id=452) schemes with an RSA 2048-bit asymmetric key pair: there is a private key on the VA for decryption and a public key in the cloud (as part of the VA cluster) for encryption. You can read more about SailPoint's *Zero Knowledge Encryption* [here](../saas-connectivity/zero-knowledge-encryption.md).
SaaS connectors cannot operate the same way because they do not communicate through VA clusters. Despite this, SaaS connectors can still leverage the asymmetric key pair scheme — the key pair simply resides in the cloud instead of on the VA. The key pair is only accessible to the Connectivity service and is managed to SailPoint standards for credential storage. Whenever you are storing secret data, use the `secret` or `secrettextarea` field types.

149
docs/connectivity/saas-connectivity/zero-knowledge-encryption.md Normal file
View File

@@ -0,0 +1,149 @@
---
id: zero-knowledge-encryption
title: Zero Knowledge Encryption
pagination_label: Zero Knowledge Encryption
sidebar_label: Zero Knowledge Encryption
sidebar_position: 7
sidebar_class_name: zeroKnowledgeEncryption
keywords: ['connectivity', 'connector', 'encryption']
description: Protect sensitive data with zero knowledge encryption.
slug: /connectivity/saas-connectivity/zero-knowledge-encryption
tags: ['Connectivity']
---
## Protecting Sensitive Data with Zero Knowledge Encryption
Organizations are rapidly adopting cloud-delivered software, or SaaS, which often uses sensitive user data such as account credentials.
This data is often sent across the Internet and potentially stored in databases and directories that may not be under the direct control of the companys IT department.
Many enterprises take advantage of SailPoint Identity Security Cloud (ISC) to govern access, enhance productivity, and automate IT processes across both cloud and on-premises resources.
Protecting this sensitive data is paramount, so SailPoint handles it with the utmost commitment.
Passwords are a ubiquitous, time-honored method of securing access to critical data.
Even more important than user passwords are administrative account credentials, which allow privileged access to systems.
Todays enterprises use additional measures like security questions, which are equally as important to protect as passwords.
ISC secures all credentials and sensitive identity data while at rest and in motion. SailPoints solution for securing sensitive data is built upon two tenets:
1. All sensitive data must be protected by at least two layers of encryption, and those two layers must be dissimilar so if one is compromised, the other cannot be compromised the same way.
For example, encrypt credentials using 2048-bit RSA encryption, and then use Transport Layer Security (TLS) to encrypt the encrypted credentials while in motion.
2. SailPoint never has access to the unencrypted form of sensitive data. It is always encrypted with a key that is controlled by the user or customer and is not accessible to SailPoint.
The key is always kept separate from the encrypted data.
ISC delivers this level of security using a scalable and redundant architecture that, unlike many other solutions in the market, does not rely on using agents or opening the corporate firewall, and never exposes sensitive data to attack.
## Patented Zero Knowledge Encryption
IT organizations traditionally employ security measures to protect their networks such as firewalls and intrusion detection and prevention systems.
SailPoints *Zero Knowledge Encryption* (US Patents 9319395, 9722980, 10277566) secures administrative credentials in a way that is protected from breach, without impairing the effectiveness of these systems.
SailPoint's *Zero Knowledge Encryption* always meets these standards:
- SailPoint never has access to any administrative password required for servicing accounts.
- Credentials are never sent over the internet, and they are never stored.
- All passwords are encrypted with encryption keys that are only known to the customer and can never be decrypted without the customer-owned key.
- All passwords are always encrypted a second time using a different encryption technique or technology, making a breach of credentials nearly impossible.
Since unencrypted credentials are never stored or sent over the internet, they are not vulnerable to attack.
## SailPoint Virtual Appliance
*Zero Knowledge Encryption* uses the SailPoint virtual appliance (VA) to provide a secure, scalable, and redundant interface to both on-premises and cloud resources.
VAs are deployed in clusters behind the firewall of the enterprise datacenter without requiring ports to be opened, so the enterprises intrusion prevention and network security perimeter enforcement remains intact.
The VA continuously polls ISC in the cloud, looking for tasks or for data that is waiting for action.
The VA is scalable, highly-available, and because it's completely self-managed and updates automatically, it adds no administrative overhead.
The company administrator specifies a passphrase that is unknown to SailPoint, which is used to generate a 2048-bit RSA public/private key pair.
The VA then serves the public key that ISC uses to encrypt account credentials.
This ensures that any credential exchange with systems that require administrative access are securely encrypted using a user-specified key that is not known to SailPoint, not stored on any SailPoint server, and is created and maintained within the enterprise security perimeter or firewall.
The user-specified keys are then managed and rotated according to the administrators security policy.
This is the SailPoint VA configuration:
![SailPoint VA Configuration](./img/Solution_Brief_ZKE_Figure1.png)
This is the process SailPoint uses to secure service account credentials with the SailPoint VA:
![Securing Service Account Credentials](./img/Solution_Brief_ZKE_Figure2.png)
The first VA within a cluster generates an RSA 2048-bit encryption key that is unique to that cluster.
Additionally, multiple clusters can be deployed, each with its own unique admin-assigned passphrase and encryption key.
Multiple vaS may be deployed in each cluster to add horizontal scalability, redundancy, and load-balancing capacity to enterprise-scale deployments.
Multiple clusters may be deployed to meet the distributed needs of an organizations particular security model, such as deploying VAs in datacenters, whether they reside on-premises or are hosted in the cloud to communicate with SaaS systems.
VA clusters can be deployed within each datacenter or geography to keep security zones compartmentalized.
## Securing Sensitive Enterprise Data
Sensitive data in the enterprise is not limited to administrative credentials.
It is common for other critical information and credentials to be used as well, and their usage is not always obvious. ISC ensures this data is always secure.
### Identity Security Cloud Login and Authentication Information
SailPoint uses *Zero Knowledge Encryption* along with multiple layers of encryption for authentication in ISC.
The specific methods of encryption are tailored for whichever authentication method is chosen by the administrator.
#### Identity Security Cloud Password
When an ISC user creates their password, an SHA-256 hash is calculated, using a salt that itself is an SHA-256 hash of a random string.
This creates a cryptographic representation of the password that is then sent to ISC over a secure TLS connection, giving two layers of encryption.
It's the SHA-256 one-way cryptographic hash that is stored, not the plain-text password.
Whenever the user signs in to ISC using their password on subsequent logins, this one-way hash is generated anew, authenticating the user into ISC based on the hash value.
#### Pass-Through Authentication
Pass-through authentication allows ISC users to authenticate using a trusted source of authentication, such as the companys Active Directory server.
When a pass-through authentication user creates or changes their password, ISC uses *Zero Knowledge Encryption* to encrypt the new password in the browser using the 2048-bit RSA public key hosted by the virtual appliance.
Inside the companys firewall, the VA derives the password, using the 2048-bit RSA private key, and sets the password on the target system, without any chance of its being known outside the companys network.
When the user signs in to ISC in the future, this 2048-bit encrypted representation of the password is sent to the VA where the target system password is derived, within the customers firewall.
The target authentication system must then validate the users credentials.
#### Security Questions
Most enterprises use security questions to provide strong authentication, such as validating the users identity for password changes or enabling access to higher security systems.
In ISC, the answers to users security questions are encrypted using SHA-256 to create a one-way hash, using a salt that includes a random string and the users Universally Unique Identifier (UUID).
This makes the answers to the users security questions virtually impossible to hack.
All of this is sent over TLS, providing at least two layers of encryption at all times.
### Third-Party Authentication
Many enterprises employ access management tools known as “Identity Providers” (or IdPs) to facilitate single sign-on and other features like self-service password reset for the applications and systems they use within their enterprise, multi-factor authentication, mobile device management and the like.
Because ISC enables many access-oriented actions for signed-in users, it becomes critical to understand how those users can be signed in to ISC.
When a user is signing in to ISC from a third-party SSO tool, the security of the credentials used for this sign-in depends on the protocols or methods that SSO tool uses.
There are two methods of single sign-on in common use in the industry: credential replay and federation.
#### Credential Replay
With credential replay, the SSO tool automatically fills in the sign-in page username and password fields with a stored username and password when it's performing single sign-on.
To ensure that credentials cannot be compromised during credential replay, it's critical that you thoroughly evaluate how your SSO provider stores credentials and secures them when it's replaying into ISC.
Because these methods vary and don't conform to a recognized standard, credential replay for signing in to ISC is not the preferred method of single sign-on.
#### Federation
Federation using Security Assertion Markup Language (SAML) is the industry-standard secure method for single sign-on and most enterprise-grade SSO products support it.
With SAML, no password is used for signing in, and a password doesn't have to be stored by the SSO vendor.
Because no credentials exist either at rest or in motion, SAML is very secure and has proven nearly impossible to hack.
ISC fully supports SAML for federated logins, which enables integration with the best in class access management products without putting critical credentials at risk.
### Secure Password Management
When the user updates a password on a target application through ISC, they must use the administrative credentials for that target system or directory to set the new password.
ISC uses *Zero Knowledge Encryption* through the SailPoint VA to secure these sensitive administrative credentials.
Also, the new password itself is first encrypted prior to transmission to the target system, and a second form of encryption is applied while the new password is in motion or at rest.
### Automated Task Authentication
ISC implements *Zero Knowledge Encryption* within the SailPoint virtual appliance to secure all these administrative actions that are used by automated tasks within the governance platform:
- **Account Aggregation** ISC uses administrative credentials to learn about accounts on diverse types of connected systems.
- **User Provisioning** ISC uses administrative account access to external systems to provision accounts, set entitlements, lock and unlock or enable and disable accounts, assign groups, and perform other actions on those systems.
- **Password Management** Changing and updating passwords on external systems requires ISC to sign in to those systems with administrative access.
- **Access Certifications** Remediation activity from an access certification is a provisioning action that uses administrative access to the target system.
All these automated tasks, and any other administrative action ISC takes as a part of the service of governance, are all secured using *Zero Knowledge Encryption* through the VA.
## Conclusion
With a range of technologies including the patented *Zero Knowledge Encryption*, SailPoint shows its commitment to security with continuous innovation, creating the best-in-class security in their cloud governance platform.
Identity Security Cloud builds upon decades of enterprise security best practices, and unlike other vendors, does not require customers to change their firewall or intrusion protection practices.
The powerful combination of multiple encryption technologies ensures sensitive data is always protected with the most advanced technology available, securing your organizations adoption of cloud technologies today and into the future.
© 2024 SailPoint Technologies, Inc. All rights reserved. SailPoint, the SailPoint logo and all techniques are trademarks or registered trademarks of SailPoint Technologies, Inc. in the U.S. and/or other countries. All other products or services are trademarks of their respective companies.

14
docs/extensibility/event-triggers/preparing-a-subscriber-service.md
View File

@@ -36,3 +36,17 @@ No-code/low-code providers, like Zapier and Microsoft Power Automate, make it ea
## Custom Application
A custom application is one you write in a language of your choosing and host in your own infrastructure, cloud, or on-premise. This is the most advanced option for implementing an event trigger client service. Although it requires a great deal of skill and knowledge to build, deploy, and operate your own service that can consume requests over HTTP, a custom application offers the most power and flexibility to implement your use cases. You can learn more about custom applications by checking out our [Event Trigger Example Application](https://github.com/sailpoint-oss/event-trigger-examples).
### Visual Studio Code Port Forwarding
When you're developing a custom application that can consume event triggers, ISC needs a public URL (Integration URL) it can send event data to. However, you may want to test your custom application locally. If you're using Visual Studio Code (VSCode), you can use its [built-in port forwarding feature](https://code.visualstudio.com/docs/debugtest/port-forwarding) to generate a public URL and then forward its web traffic into your local web service.
Follow these steps to set up port forwarding in your custom application:
1. Open the terminal in VSCode and select the 'Ports' tab.
2. Select 'Forward a Port'.
3. Specify the port that your application is using to listen for event data. In the event trigger examples project, the port is 8081 by default. Click 'Enter' to create a port.
4. VSCode will prompt you to log in to GitHub. Log in, and VS Code will create a URL in the 'Forwarded Address' column. This is the URL you will make public for ISC to send event data to.
5. Right click the URL, select 'Visibility', and set the visibility to 'Public'. ISC needs the URL to be public to send it event data.
You now have a public URL you can provide to ISC as an 'Integration URL' when you subscribe to an event trigger. Copy the URL and paste it into the 'Integration URL' when you subscribe to an event trigger. Then add the event trigger endpoint to the end of the URL so that your application reads the correct event data. For example, you would use a URL like https://w6wl7kkz-8081.usw3.devtunnels.ms/form-submitted to consume the [Form Submitted](https://developer.sailpoint.com/docs/api/v2025/form-submitted-event) event trigger.

2
docs/extensibility/event-triggers/testing-triggers.md
View File

@@ -11,7 +11,7 @@ slug: /extensibility/event-triggers/testing-triggers
tags: ['Event Triggers']
---
It is important to test your trigger subscription configuration with your actual subscribing service (not a test site like [webhook.site](https://webhook.site)) before enabling your subscription for production use. Testing subscriptions ensures that your subscribing service can successfully receive events and that you are receiving the correct events based on the filter you have provided.
It is important to test your trigger subscription configuration with your actual subscribing service (not a test site like [webhook.site](https://webhook.site)) before enabling your subscription for production use. Testing subscriptions ensures that your subscribing service can successfully receive events and that you are receiving the correct events based on the filter you have provided. If you're using Visual Studio Code (VSCode), you can use [VSCode Port Forwarding](/docs/extensibility/event-triggers/preparing-subscriber-service#visual-studio-code-port-forwarding) to forward event data from a public URL to your local service to test your subscriber service properly.
## Sending Test Invocations

29
docs/reporting/access-intelligence-center/ciem-er-diagram.md
View File

@@ -20,7 +20,7 @@ import MermaidViewer from '@site/src/components/MermaidViewer';
<MermaidViewer diagram='erDiagram
"Entitlement Service Usage" {
varchar ENTITLEMENT_VALUE PK "ISC entitlement value associated with the access. Usually the cloud native ID."
varchar ENTITLEMENT_VALUE PK "Identity Security Cloud entitlement value associated with the access. Usually the cloud native ID."
varchar CIEM_KEY PK "composite key: CLOUD_PROVIDER-SERVICE-ENTITLEMENT_ACCOUNT_NATIVE_IDENTITY-CLOUD_SOURCE_NATIVE_ID"
varchar ACCESS_ASSIGNMENT_ID "Cloud native ID of the access assignment object. AWS: <policy arn>|<statement id> GCP: <policy id>:<role id>, Azure: RoleAssignment, RoleAssignmentScheduleInstance (PIM) or RoleEligibilityScheduleInstance (PIM)"
varchar ACCOUNT_CLOUD_NAME "Cloud provider associated with the account (AWS|GCP|Okta|Azure). When the access is federated, this will be different than CLOUD_PROVIDER."
@@ -33,7 +33,7 @@ import MermaidViewer from '@site/src/components/MermaidViewer';
varchar CLOUD_SUB_SOURCE_DISPLAY_NAME "Cloud native display name of the service sub-source (if applicable). AWS: Managed account, Azure: Subscription, GCP: Project"
varchar CLOUD_SUB_SOURCE_NATIVE_ID "Cloud native ID of the services sub-source (if applicable)"
varchar SERVICE "Cloud service for which usage is being determined"
varchar SOURCE_NAME "ISC source name associated with the cloud service"
varchar SOURCE_NAME "Identity Security Cloud source name associated with the cloud service"
array ENTITLEMENT_USAGE "Aggregated usage across all accounts and services for the ENTITLEMENT_VALUE"
}
"Resource Access" {
@@ -49,19 +49,19 @@ import MermaidViewer from '@site/src/components/MermaidViewer';
varchar RESOURCE_NAME "Human readable name of the resource (if available)"
varchar RESOURCE_TYPE "Resource type, derived from the cloud API response types"
varchar RESOURCE_ACCESS_SERVICE "Cloud service associated with the resource"
varchar RESOURCE_ACCESS_SOURCE_NAME "ISC source name associated with the resource"
varchar RESOURCE_ACCESS_SOURCE_NAME "Identity Security Cloud source name associated with the resource"
}
ENTITLEMENT {
varchar ENTITLEMENT_VALUE PK "ISC entitlement value associated with the access. Usually the cloud native ID."
varchar ENTITLEMENT_ATTRIBUTE "Entitlement type as determined by ISC sources"
varchar ENTITLEMENT_DISPLAY_NAME "Human readable name of the entitlement as constructed by ISC"
varchar ENTITLEMENT_VALUE PK "Identity Security Cloud entitlement value associated with the access. Usually the cloud native ID."
varchar ENTITLEMENT_ATTRIBUTE "Entitlement type as determined by Identity Security Cloud sources"
varchar ENTITLEMENT_DISPLAY_NAME "Human readable name of the entitlement as constructed by Identity Security Cloud"
timestamp ENTITLEMENT_SYNC_DATE "Timestamp of latest sync of entitlement to source tables"
}
IDENTITY {
varchar IDENTITY_ID PK "Unique identifier of the identity"
varchar TENANT_ID PK "Tenant unique identifier"
timestamp IDENTITY_CREATED "Identity created date in ISC"
timestamp IDENTITY_UPDATED "Identity modified date in ISC"
timestamp IDENTITY_CREATED "Identity created date in Identity Security Cloud"
timestamp IDENTITY_UPDATED "Identity modified date in Identity Security Cloud"
varchar NAME "Name of the identity"
varchar IDENTITY_DISPLAY_NAME "User friendly label for the identity. Usually First Name Last Name."
varchar IDENTITY_MANAGERS_NAME "Name of the manager of the identity"
@@ -75,13 +75,14 @@ import MermaidViewer from '@site/src/components/MermaidViewer';
}
ACCOUNT {
varchar ACCOUNT_NATIVE_IDENTITY PK "Cloud native ID of account"
varchar IDENTITY_ID PK "ISC unique identifier of the identity correlated with the account (null if uncorrelated)"
varchar ACCOUNT_ID "ISC unique identifier of account"
varchar ACCOUNT_NAME "Name of account as configured in ISC"
varchar ACCOUNT_CREATED_DATE "Account creation date (ingestion/creation in ISC)"
varchar ACCOUNT_UPDATED_DATE "Account update date (updated in ISC)"
varchar ACCOUNT_DISPLAY_NAME "Display name of account as configured in ISC"
varchar IDENTITY_ID PK "Identity Security Cloud unique identifier of the identity correlated with the account (null if uncorrelated)"
varchar ACCOUNT_ID "Identity Security Cloud unique identifier of account"
varchar ACCOUNT_NAME "Name of account as configured in Identity Security Cloud"
varchar ACCOUNT_CREATED_DATE "Account creation date (ingestion/creation in Identity Security Cloud)"
varchar ACCOUNT_UPDATED_DATE "Account update date (updated in Identity Security Cloud)"
varchar ACCOUNT_DISPLAY_NAME "Display name of account as configured in Identity Security Cloud"
varchar ACCOUNT_STATUS "Status of account (Enabled|Disabled|Locked)"
varchar ACCOUNT_SOURCE_DISPLAY_NAME "The Identity Security Cloud source"
varchar ACCOUNT_SYNC_DATE "Timestamp of latest sync of record to source tables"
}
IDENTITY ||--o{ ACCOUNT : "associated to"

150
docs/tools/cli/api.md Normal file
View File

@@ -0,0 +1,150 @@
---
id: cli-api
title: API
pagination_label: CLI API
sidebar_label: API
sidebar_position: 10
sidebar_class_name: cli-api
keywords: ['cli', 'cli api', 'api']
description: Learn how to use the CLI to make generic api calls in this guide.
slug: /tools/cli/api
tags: ['CLI']
---
Learn how to use the SailPoint CLI to make generic API calls in this guide.
The `api` command makes it easy to call SailPoint APIs and parse the results using JSONPath queries if needed.
- [get](#get-requests)
- [post](#post-requests)
- [patch](#patch-requests)
- [put](#put-requests)
- [delete](#delete-requests)
## Get Requests
Run this command to get a list of transforms using the v2025 API:
```shell
sail api get /v2025/transforms
```
You can filter the results using the `--jsonpath` flag or `-j` for short. The following command returns just the names of the transforms:
```shell
sail api get /v2025/transforms --jsonpath "$.*.name"
```
For better readability, you can pretty-print the response using the `--pretty` flag or `-p` for short:
```shell
sail api get /v2025/transforms --jsonpath "$.*.name" --pretty
```
### Headers
To include headers with your API call—such as calling an experimental endpoint—use the `--headers` or `-H` flag:
```shell
sail api get /v2025/entitlements/ -H "X-SailPoint-Experimental:true"
```
### Query Parameters
Use the `--query` or `-q` flag to provide query parameters.
For example, run this command to retrieve a list of entitlements owned by a specific identity:
:::tip
Query parameters may need to be escaped depending on their use.
:::
```shell
sail api get /v2025/entitlements -q filters="owner.id eq\"<identity_id>\"" -H "X-SailPoint-Experimental:true"
```
### Multiple Query Parameters
The `--query` flag can be used multiple times to provide additional query parameters.
Use the following command to return a single entitlement owned by a specific identity:
```shell
sail api get /v2025/entitlements -q filters="owner.id eq\"<identity-id>\"" -q limit=1 -H "X-SailPoint-Experimental:true"
```
## Post Requests
Use the `post` subcommand to create resources.
Run the following command to create a basic transform, passing the request body as a string:
```shell
sail api post /v2025/transforms --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
```
Alternatively, use the `--body-file` or `-f` flag to provide the request body from a file:
```shell
sail api post /v2025/transforms --file-body ./transform.json
```
## Patch Requests
Use the `patch` sub command to update resources.
Run the following command to update the owner of an access profile:
```shell
sail api patch /v2025/access-profiles/<access-profile-id> --body '[{"op":"replace","path":"/owner/id","value":"<identity-id>"}]'
```
## Put Requests
Run this command to replace a transform object using the v2025 API:
```shell
sail api put /v2025/transforms/<transform-id> --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
```
Use the `--body-file` or `-f` flag to provide the body of the request via a file.
```shell
sail api put /v2025/transforms --file-body ./updated-transform.json
```
## Delete Requests
Use this command to remove resources from Identity Security Cloud.
Run the following command to remove a transform from your tenant:
```shell
sail api delete /v2025/transforms/<transform-id>
```
## Changing commands together
You can combine the `--jsonpath` flag with tools like [jq](https://jqlang.org/) to chain commands and perform complex operations.
For example, the following script reassigns roles from one owner to another. It uses `--jsonpath` to extract role IDs owned by the source identity, then updates each role with the new owner using `sail api patch`.
```shell
#!/bin/bash
from=$1
to=$2
if [[ -z "$from" || -z "$to" ]]; then
echo "Usage: $0 <from> <to>"
exit 1
fi
ids=$(sail api get /v2025/roles -q "filters=owner.id eq \"$from\"" --jsonpath '$.*.id')
for id in $(echo "$ids" | jq -r '.[]'); do
echo "Patching role ID: $id"
sail api patch /v2025/roles/"$id" \
--body "[{\"op\":\"replace\",\"path\":\"/owner/id\",\"value\":\"$to\"}]"
done
```

2
docs/tools/cli/index.md
View File

@@ -40,7 +40,7 @@ Learn how to use the SailPoint command line interface (CLI) in this guide.
- [PAT Authentication](#pat-authentication)
- [Environment variable configuration](#environment-variable-configuration)
- [Usage](#usage)
- [GitHub](#github)
- [Support](#support)
- [Contribution](#contribution)
- [Questions](#questions)

136
docs/tools/cli/reassign.md Normal file
View File

@@ -0,0 +1,136 @@
---
id: cli-reassign
title: Reassign
pagination_label: CLI Reassign
sidebar_label: Reassign
sidebar_position: 10
sidebar_class_name: cli-reassign
keywords: ['cli', 'cli reassign', 'reassign']
description: Learn how to use the CLI to reassign the owner on objects in Identity Security Cloud.
slug: /tools/cli/reassign
tags: ['CLI']
---
Learn how to use the SailPoint CLI to reassign the owner on objects in Identity Security Cloud.
The `reassign` command makes it easy to reassign ownership for the following supported object types:
* sources
* roles
* access profiles
* entitlements
* identity profiles
* governance groups
* workflows
## Reassign all object types
Use the following command to reassign all supported object types from one identity to another:
:::caution
It is recommended to use the `--dry-run` flag first to make sure the objects gathered are in fact the ones you wish to modify.
:::
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --dry-run
```
The command will gather the supported object types and then display a simple report to show you a summary of which objects will be reassigned.
You also have the ability to save the full report to a file in which you can view the objects in detail.
```text
Reassignment Preview
====================
From Owner: 2c918089796ba06c01798018af8d4161 (Tyler Mairose)
To Owner: <new-owner-id> (Darrell Thobe)
Object Types: source, role, access-profile, entitlement, identity-profile, governance-group, workflow
Dry Run: true
Objects to Reassign:
---------------------
Object Type Count
----------- -----
role 2
access-profile 0
entitlement 1
identity-profile 0
governance-group 1
workflow 1
source 6
Total: 11 objects
No changes have been made. Run the command without --dry-run to proceed.
Would you like to save the full report to a file (y/n):
```
### Reassign all object types without confirmation
Run the following command to reassign all supported object types from one identity to another without being asked for confirmation.
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --force
```
## Reassign specific object types
Use the following command to reassign only workflows and roles from one identity to another:
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role --dry-run
```
```text
Reassignment Preview
====================
From Owner: 2c918089796ba06c01798018af8d4161 (Tyler Mairose)
To Owner: c701d93655854f1ea583622e7103e468 (Darrell Thobe)
Object Types: workflow, role
Dry Run: true
Objects to Reassign:
---------------------
Object Type Count
----------- -----
role 2
workflow 1
Total: 3 objects
No changes have been made. Run the command without --dry-run to proceed.
```
Run the command without `--dry-run` to proceed with the reassignment:
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role
```
You will still be asked if you wish to save the full report and confirm that you wish to reassign the objects.
### Reassign specific object types without confirmation
Run the following command to reassign all workflows and roles from one identity to another without being asked for confirmation:
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --object-types workflow,role --force
```
## Reassign a single object
Use the reassign command with the `--object-id` flag, passing in the id of the object you wish to reassign. The command will determine its object type and generate the preview:
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --object-id <object-id>
```
To continue with the reassignment, call the command again without `--dry-run` and follow the prompts.
### Reassign a single object without confirmation
Run the following command to reassign a single object from one identity to another without being asked for confirmation:
```shell
sail reassign --from <old-owner-id> --to <new-owner-id> --object-id <object-id> --force
```

154
docs/tools/cli/sdk.md Normal file
View File

@@ -0,0 +1,154 @@
---
id: cli-sdk-init
title: SDK
pagination_label: CLI SDK
sidebar_label: SDK
sidebar_position: 20
sidebar_class_name: cli-sdk
keywords: ['cli', 'sdk init', 'sailpoint sdk', 'sdk setup']
description: Learn how to initialize a SailPoint SDK project using the CLI.
slug: /tools/cli/sdk
tags: ['CLI']
---
Learn how to use the SailPoint CLI to setup an SDK project. This command helps you initialize SDK projects across supported languages including Python, Go, PowerShell, and TypeScript.
- [Golang](#golang)
- [Python](#python)
- [PowerShell](#powershell)
- [TypeScript](#typescript)
## Golang
The SailPoint CLI offers a few commands that will allow you to quickly get started with the Go SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
Once the CLI is installed and configured, run this command to create a new Go project with the Go SDK:
```bash
sail sdk init golang go-example
```
Running the command will create the structure for your project:
```text
|-- go-example
| |-- go.mod
| |-- go.sum
| |-- sdk.go
```
Navigate into your project folder and run this command to install the required dependencies:
```bash
go mod tidy
```
The SDK is now installed. To learn how to configure the SDK, refer to the [Configure section](#configure).
## Python
The SailPoint CLI offers a few commands that will allow you to quickly get started with the Python SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
Once the CLI is installed and configured, run this command to create a new Python project with the Python SDK:
```bash
sail sdk init python python-example
```
Running this command will create the structure for your project:
```text
|-- python-example
| |-- requirements.txt
| |-- sdk.py
```
Navigate into your project folder and run this command to install the required dependencies:
```bash
pip install -r requirements.txt
```
The SDK is now installed. To learn how to configure the SDK, refer to the [Configure section](#configure).
## PowerShell
The SailPoint CLI offers a few commands that will allow you to quickly get started with the PowerShell SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
Once the CLI is installed and configured, run this command to create a new PowerShell project with the PowerShell SDK:
```bash
sail sdk init powershell
```
Running the command create the structure for your project:
```text
|-- powershell-template
| |-- paginate.ps1
| |-- paginateAccounts.ps1
| |-- patchEntitlement.ps1
| |-- sdk.ps1
| |-- search.ps1
| |-- transform.ps1
```
Run this command to install the required dependencies:
```powershell
Install-Module -Name PSSailpoint
Install-Module -Name PSSailpoint.Beta
Install-Module -Name PSSailpoint.V3
Install-Module -Name PSSailpoint.V2024
```
The command installs the SailPoint PowerShell SDK module. You will be prompted to confirm that you want to install the module from 'PSGallery'. Enter "A" to say "Yes to All".
If you already have a version of the PowerShell SDK installed, you can install a new version side-by-side with it by adding the `-Force` parameter to the end of your `Install-Module` commmand:
```powershell
Install-Module -Name PSSailpoint -Force
Install-Module -Name PSSailpoint.Beta -Force
Install-Module -Name PSSailpoint.V3 -Force
Install-Module -Name PSSailpoint.V2024 -Force
```
To validate that the module is installed, run this command, `Get-Module -ListAvailable PSSailpoint`, and verify that the module is listed. Additionally, you can run this command, `Get-Command -Module PSSailpoint`, to see the available commands included in the module.
The SDK is now installed. To learn how to configure the SDK, refer to the [Configure section](#configure).
## TypeScript
The SailPoint CLI offers a few commands that will allow you to quickly get started with the Typescript SDK. To learn how to install and use the SailPoint CLI, refer to [SailPoint CLI](https://developer.sailpoint.com/idn/tools/cli#get-the-cli).
Once the CLI is installed and configured, run this command to create a new Typescript project with the Typescript SDK:
```bash
sail sdk init typescript typescript-example
```
Running the command creates the structure for your project:
```text
|-- typescript-example
| |-- package.json
| |-- src
| | |-- index.ts
| |-- tsconfig.json
```
Navigate into your project folder and run this command to install the required dependencies:
```bash
npm install
```
The SDK is now installed. To learn how to configure the SDK, refer to the [Configure section](#configure).

6
docs/tools/sdk/go/creating-resources.md
View File

@@ -23,7 +23,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
"github.com/sailpoint-oss/golang-sdk/beta"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
)
func main() {
@@ -32,7 +32,7 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, _, err := apiClient.V3.PublicIdentitiesApi.GetPublicIdentities(ctx).Limit(1).Execute()
resp, _, err := apiClient.V3.PublicIdentitiesAPI.GetPublicIdentities(ctx).Limit(1).Execute()
identity := "IDENTITY"
workgroupName := "DB Access Governance Group"
@@ -48,7 +48,7 @@ func main() {
},
}
newWorkgroup, request, errMessage := apiClient.Beta.GovernanceGroupsApi.CreateWorkgroup(ctx).WorkgroupDto(workgroup).Execute()
newWorkgroup, request, errMessage := apiClient.Beta.GovernanceGroupsAPI.CreateWorkgroup(ctx).WorkgroupDto(workgroup).Execute()
if errMessage != nil {
fmt.Fprintf(os.Stderr, "Error when calling `GovernanceGroupsApi.CreateWorkgroup``: %v\n", err)

5
docs/tools/sdk/go/deleting-resources.md
View File

@@ -22,6 +22,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
)
func main() {
@@ -30,14 +31,14 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
workgroup, r, err := apiClient.Beta.GovernanceGroupsApi.ListWorkgroups(ctx).Filters(`name eq "DB Access Governance Group"`).Execute()
workgroup, r, err := apiClient.Beta.GovernanceGroupsAPI.ListWorkgroups(ctx).Filters(`name eq "DB Access Governance Group"`).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when retrieving workgroup`: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
}
response, errorMessage := apiClient.Beta.GovernanceGroupsApi.DeleteWorkgroup(ctx, *workgroup[0].Id).Execute()
response, errorMessage := apiClient.Beta.GovernanceGroupsAPI.DeleteWorkgroup(ctx, *workgroup[0].Id).Execute()
if errorMessage != nil {
fmt.Fprintf(os.Stderr, "Error when updating workgroup`: %v\n", errorMessage)

4
docs/tools/sdk/go/error-handling.md
View File

@@ -16,7 +16,7 @@ The SDK returns the response object, request and error object for each method. T
You can use an `if` statement to check whether there are any errors with the request and take actions on the results, such as logging the message or performing additional actions before exiting the program:
```go
resp, r, err := apiClient.V3.TransformsApi.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
resp, r, err := apiClient.V3.TransformsAPI.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `TransformsApi.ListTransforms``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -26,7 +26,7 @@ if err != nil {
The program will continue running unless you specify to end it. Use `os.Exit(0)` within the error check to stop execution after an error is found.
```go
resp, r, err := apiClient.V3.TransformsApi.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
resp, r, err := apiClient.V3.TransformsAPI.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `TransformsApi.ListTransforms``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)

3
docs/tools/sdk/go/getting-started.md
View File

@@ -26,6 +26,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
v3 "github.com/sailpoint-oss/golang-sdk/v2/api_v3"
)
func main() {
@@ -34,7 +35,7 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := apiClient.V3.TransformsApi.ListTransforms(ctx).Execute()
resp, r, err := apiClient.V3.TransformsAPI.ListTransforms(ctx).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `TransformsApi.ListTransforms``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)

8
docs/tools/sdk/go/pagination.md
View File

@@ -24,7 +24,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
v3 "github.com/sailpoint-oss/golang-sdk/v3"
v3 "github.com/sailpoint-oss/golang-sdk/v2/api_v3"
)
func main() {
@@ -33,7 +33,7 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := sailpoint.PaginateWithDefaults[v3.Account](apiClient.V3.AccountsApi.ListAccounts(ctx))
resp, r, err := sailpoint.PaginateWithDefaults[v3.Account](apiClient.V3.AccountsAPI.ListAccounts(ctx))
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PaginateWithDefaults[v3.Account]``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -56,7 +56,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
v3 "github.com/sailpoint-oss/golang-sdk/v3"
v3 "github.com/sailpoint-oss/golang-sdk/v2/api_v3"
)
func main() {
@@ -65,7 +65,7 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
resp, r, err := sailpoint.Paginate[v3.Account](apiClient.V3.AccountsApi.ListAccounts(ctx), 0, 250, 150000)
resp, r, err := sailpoint.Paginate[v3.Account](apiClient.V3.AccountsAPI.ListAccounts(ctx), 0, 250, 150000)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `Paginate[v3.Account]``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)

3
docs/tools/sdk/go/retries.md
View File

@@ -24,6 +24,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
v3 "github.com/sailpoint-oss/golang-sdk/v2/api_v3"
)
func main() {
@@ -35,7 +36,7 @@ func main() {
configuration.HTTPClient.RetryMax = 10
configuration.HTTPClient.RetryWaitMax = time.Second * 2
resp, r, err := apiClient.V3.TransformsApi.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
resp, r, err := apiClient.V3.TransformsAPI.ListTransforms(ctx).Filters("This is an incorrect string").Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `TransformsApi.ListTransforms``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)

4
docs/tools/sdk/go/search.md
View File

@@ -31,7 +31,7 @@ func getSearchResults(ctx context.Context, apiClient *sailpoint.APIClient) {
}
`)
search.UnmarshalJSON(searchString)
resp, r, err := sailpoint.PaginateSearchApi(ctx, apiClient, *search, 0, 10, 10000)
resp, r, err := sailpoint.PaginateSearchAPI(ctx, apiClient, *search, 0, 10, 10000)
if err != nil {
fmt.Fprintf(os.Stderr, "Error when calling `PaginateSearchApi``: %v\n", err)
fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
@@ -80,7 +80,7 @@ In this example, the `"identities"` string represents an unmarshalled JSON. Chan
The search example includes the syntax you can use to paginate search results. Edit this line to configure the search result pagination:
```go
resp, r, err := sailpoint.PaginateSearchApi(ctx, apiClient, *search, 0, 10, 10000)
resp, r, err := sailpoint.PaginateSearchAPI(ctx, apiClient, *search, 0, 10, 10000)
```
The first value refers to the `initialOffset`, the starting number for the results, the second refers to the `increment`, the number of records per page, and the third refers to the `limit`, the last record that can be returned.

6
docs/tools/sdk/go/updating-resources.md
View File

@@ -23,7 +23,7 @@ import (
"os"
sailpoint "github.com/sailpoint-oss/golang-sdk"
"github.com/sailpoint-oss/golang-sdk/beta"
beta "github.com/sailpoint-oss/golang-sdk/v2/api_beta"
)
func main() {
@@ -32,7 +32,7 @@ func main() {
configuration := sailpoint.NewDefaultConfiguration()
apiClient := sailpoint.NewAPIClient(configuration)
workgroup, r, err := apiClient.Beta.GovernanceGroupsApi.ListWorkgroups(ctx).Filters(`name eq "DB Access Governance Group"`).Execute()
workgroup, r, err := apiClient.Beta.GovernanceGroupsAPI.ListWorkgroups(ctx).Filters(`name eq "DB Access Governance Group"`).Execute()
if err != nil {
fmt.Fprintf(os.Stderr, "Error when retrieving workgroup`: %v\n", err)
@@ -43,7 +43,7 @@ func main() {
newDescriptionValue := beta.JsonPatchOperationValue{String: &updatedDescription}
patchArray := []beta.JsonPatchOperation{{Op: "replace", Path: "/description", Value: &newDescriptionValue}}
updatedWorkgroup, request, errorMessage := apiClient.Beta.GovernanceGroupsApi.PatchWorkgroup(ctx, *workgroup[0].Id).JsonPatchOperation(patchArray).Execute()
updatedWorkgroup, request, errorMessage := apiClient.Beta.GovernanceGroupsAPI.PatchWorkgroup(ctx, *workgroup[0].Id).JsonPatchOperation(patchArray).Execute()
if errorMessage != nil {
fmt.Fprintf(os.Stderr, "Error when updating workgroup`: %v\n", errorMessage)

8
docs/tools/sdk/powershell/Reference/Beta/Methods/BetaAccessProfilesApi.md
View File

@@ -63,8 +63,9 @@ Method | HTTP request | Description
## create-access-profile
Create an access profile.
A user with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the access profile's Source.
A user with `ROLE_SUBADMIN` or `SOURCE_SUBADMIN` authority must be associated with the access profile's source.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles. However, any new access profiles as well as any updates to existing descriptions are limited to 2000 characters.
>**Note:** To use this endpoint, you need all the listed scopes.
[API Spec](https://developer.sailpoint.com/docs/api/beta/create-access-profile)
@@ -127,6 +128,7 @@ $AccessProfile = @"{
"segments" : [ "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", "29cb6c06-1da8-43ea-8be4-b3125f248f2a" ],
"accessRequestConfig" : {
"commentsRequired" : true,
"reauthorizationRequired" : true,
"approvalSchemes" : [ {
"approverId" : "46c79819-a69f-49a2-becb-12c971ae66c6",
"approverType" : "GOVERNANCE_GROUP"
@@ -409,7 +411,7 @@ Param Type | Name | Data Type | Required | Description
Query | Limit | **Int32** | (optional) (default to 250) | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
Query | Sorters | **String** | (optional) | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**
Query | ForSegmentIds | **String** | (optional) | Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error.
Query | IncludeUnsegmented | **Boolean** | (optional) (default to $true) | Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error.
@@ -437,7 +439,7 @@ $ForSubadmin = "8c190e6787aa4ed9a90bd9d5344523fb" # String | Filters the returne
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'name eq "SailPoint Support"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. (optional)
$Filters = 'name eq "SailPoint Support"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. (optional)
$Sorters = "name,-modified" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** (optional)
$ForSegmentIds = "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" # String | Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. (optional)
$IncludeUnsegmented = $false # Boolean | Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error. (optional) (default to $true)

151
docs/tools/sdk/powershell/Reference/Beta/Methods/BetaAccessRequestsApi.md
View File

@@ -174,6 +174,7 @@ __GRANT_ACCESS__
* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
* Roles, access profiles and entitlements can be requested.
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
* Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source.
__REVOKE_ACCESS__
* Can only be requested for a single identity at a time.
@@ -184,6 +185,7 @@ __REVOKE_ACCESS__
* Revoke requests for entitlements are limited to 1 entitlement per access request currently.
* You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.
* Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
* Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of 'assignmentId' and 'nativeIdentity' fields.
[API Spec](https://developer.sailpoint.com/docs/api/beta/create-access-request)
@@ -213,7 +215,7 @@ Code | Description | Data Type
### Example
```powershell
$AccessRequest = @"{
"requestedFor" : [ "2c918084660f45d6016617daa9210584", "2c918084660f45d6016617daa9210584" ],
"requestedFor" : "2c918084660f45d6016617daa9210584",
"clientMetadata" : {
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1",
"requestedAppName" : "test-app"
@@ -227,7 +229,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -236,7 +240,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -245,7 +251,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -254,7 +262,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -263,7 +273,136 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ],
"requestedForWithRequestedItems" : [ {
"identityId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"requestedItems" : [ {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ]
}, {
"identityId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"requestedItems" : [ {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ]
} ]
}"@

5
docs/tools/sdk/powershell/Reference/Beta/Methods/BetaRolesApi.md
View File

@@ -218,6 +218,7 @@ $Role = @"{
},
"accessRequestConfig" : {
"commentsRequired" : true,
"reauthorizationRequired" : true,
"approvalSchemes" : [ {
"approverId" : "46c79819-a69f-49a2-becb-12c971ae66c6",
"approverType" : "GOVERNANCE_GROUP"
@@ -541,7 +542,7 @@ Param Type | Name | Data Type | Required | Description
Query | Limit | **Int32** | (optional) (default to 50) | Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq*
Query | Sorters | **String** | (optional) | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**
Query | ForSegmentIds | **String** | (optional) | If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error.
Query | IncludeUnsegmented | **Boolean** | (optional) (default to $true) | Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.
@@ -569,7 +570,7 @@ $ForSubadmin = "5168015d32f890ca15812c9180835d2e" # String | If provided, filter
$Limit = 50 # Int32 | Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 50)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'requestable eq false' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* (optional)
$Filters = 'requestable eq false' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq* (optional)
$Sorters = "name,-modified" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** (optional)
$ForSegmentIds = "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" # String | If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. (optional)
$IncludeUnsegmented = $false # Boolean | Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. (optional) (default to $true)

15
docs/tools/sdk/powershell/Reference/Beta/Methods/BetaServiceDeskIntegrationApi.md
View File

@@ -419,7 +419,7 @@ Update an existing Service Desk integration by ID with a PATCH request.
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Path | Id | **String** | True | ID of the Service Desk integration to update
Body | PatchServiceDeskIntegrationRequest | [**PatchServiceDeskIntegrationRequest**](../models/patch-service-desk-integration-request) | True | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
Body | JsonPatchOperation | [**[]JsonPatchOperation**](../models/json-patch-operation) | True | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
### Return type
[**ServiceDeskIntegrationDto**](../models/service-desk-integration-dto)
@@ -442,16 +442,21 @@ Code | Description | Data Type
### Example
```powershell
$Id = "anId" # String | ID of the Service Desk integration to update
$PatchServiceDeskIntegrationRequest = @""@
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
# Patch a Service Desk Integration
try {
$Result = ConvertFrom-JsonToPatchServiceDeskIntegrationRequest -Json $PatchServiceDeskIntegrationRequest
Update-BetaServiceDeskIntegration -Id $Id -PatchServiceDeskIntegrationRequest $Result
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-BetaServiceDeskIntegration -Id $Id -JsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-BetaServiceDeskIntegration -Id $Id -PatchServiceDeskIntegrationRequest $Result
# Update-BetaServiceDeskIntegration -Id $Id -JsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaServiceDeskIntegration"
Write-Host $_.ErrorDetails

192
docs/tools/sdk/powershell/Reference/Beta/Methods/BetaWorkflowsApi.md
View File

@@ -33,9 +33,9 @@ Method | HTTP request | Description
[**Update-BetaWorkflow**](#patch-workflow) | **PATCH** `/workflows/{id}` | Patch Workflow
[**Submit-BetaExternalExecuteWorkflow**](#post-external-execute-workflow) | **POST** `/workflows/execute/external/{id}` | Execute Workflow via External Trigger
[**Submit-BetaWorkflowExternalTrigger**](#post-workflow-external-trigger) | **POST** `/workflows/{id}/external/oauth-clients` | Generate External Trigger OAuth Client
[**Send-BetaWorkflow**](#put-workflow) | **PUT** `/workflows/{id}` | Update Workflow
[**Test-BetaExternalExecuteWorkflow**](#test-external-execute-workflow) | **POST** `/workflows/execute/external/{id}/test` | Test Workflow via External Trigger
[**Test-BetaWorkflow**](#test-workflow) | **POST** `/workflows/{id}/test` | Test Workflow By Id
[**Update-BetaWorkflow**](#update-workflow) | **PUT** `/workflows/{id}` | Update Workflow
## cancel-workflow-execution
@@ -184,6 +184,7 @@ Get a single workflow by id.
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Path | Id | **String** | True | Id of the workflow
Query | WorkflowMetrics | **Boolean** | (optional) (default to $true) | disable workflow metrics
### Return type
[**Workflow**](../models/workflow)
@@ -205,6 +206,7 @@ Code | Description | Data Type
### Example
```powershell
$Id = "c17bea3a-574d-453c-9e04-4365fbf5af0b" # String | Id of the workflow
$WorkflowMetrics = $false # Boolean | disable workflow metrics (optional) (default to $true)
# Get Workflow By Id
@@ -212,7 +214,7 @@ try {
Get-BetaWorkflow -Id $Id
# Below is a request that includes all optional parameters
# Get-BetaWorkflow -Id $Id
# Get-BetaWorkflow -Id $Id -WorkflowMetrics $WorkflowMetrics
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaWorkflow"
Write-Host $_.ErrorDetails
@@ -221,7 +223,7 @@ try {
[[Back to top]](#)
## get-workflow-execution
Use this API to get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response.
Get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response.
[API Spec](https://developer.sailpoint.com/docs/api/beta/get-workflow-execution)
@@ -572,6 +574,10 @@ List all workflows in the tenant.
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Query | Limit | **Int32** | (optional) (default to 250) | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | TriggerId | **String** | (optional) | Trigger ID
Query | ConnectorInstanceId | **String** | (optional) | Connector Instance ID
### Return type
[**Workflow[]**](../models/workflow)
@@ -592,6 +598,10 @@ Code | Description | Data Type
### Example
```powershell
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$TriggerId = "idn:identity-created" # String | Trigger ID (optional)
$ConnectorInstanceId = "28541fec-bb81-4ad4-88ef-0f7d213adcad" # String | Connector Instance ID (optional)
# List Workflows
@@ -599,7 +609,7 @@ try {
Get-BetaWorkflows
# Below is a request that includes all optional parameters
# Get-BetaWorkflows
# Get-BetaWorkflows -Limit $Limit -Offset $Offset -TriggerId $TriggerId -ConnectorInstanceId $ConnectorInstanceId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaWorkflows"
Write-Host $_.ErrorDetails
@@ -752,6 +762,93 @@ try {
```
[[Back to top]](#)
## put-workflow
Perform a full update of a workflow. The updated workflow object is returned in the response.
[API Spec](https://developer.sailpoint.com/docs/api/beta/put-workflow)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Path | Id | **String** | True | Id of the Workflow
Body | WorkflowBody | [**WorkflowBody**](../models/workflow-body) | True |
### Return type
[**Workflow**](../models/workflow)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | The Workflow object | Workflow
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
### Example
```powershell
$Id = "c17bea3a-574d-453c-9e04-4365fbf5af0b" # String | Id of the Workflow
$WorkflowBody = @"{
"owner" : {
"name" : "William Wilson",
"id" : "2c91808568c529c60168cca6f90c1313",
"type" : "IDENTITY"
},
"name" : "Send Email",
"description" : "Send an email to the identity who's attributes changed.",
"definition" : {
"start" : "Send Email Test",
"steps" : {
"Send Email" : {
"actionId" : "sp:send-email",
"attributes" : {
"body" : "This is a test",
"from" : "sailpoint@sailpoint.com",
"recipientId.$" : "$.identity.id",
"subject" : "test"
},
"nextStep" : "success",
"type" : "ACTION"
},
"success" : {
"type" : "success"
}
}
},
"trigger" : {
"displayName" : "displayName",
"attributes" : {
"description" : "Triggered when an identity's manager attribute changes",
"formDefinitionId" : "Admin_Access_Request_Form",
"attributeToFilter" : "LifecycleState",
"id" : "idn:identity-attributes-changed",
"filter.$" : "$.changes[?(@.attribute == 'manager')]"
},
"type" : "EVENT"
},
"enabled" : false
}"@
# Update Workflow
try {
$Result = ConvertFrom-JsonToWorkflowBody -Json $WorkflowBody
Send-BetaWorkflow -Id $Id -WorkflowBody $Result
# Below is a request that includes all optional parameters
# Send-BetaWorkflow -Id $Id -WorkflowBody $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaWorkflow"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## test-external-execute-workflow
Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow.
@@ -848,90 +945,3 @@ try {
}
```
[[Back to top]](#)
## update-workflow
Perform a full update of a workflow. The updated workflow object is returned in the response.
[API Spec](https://developer.sailpoint.com/docs/api/beta/update-workflow)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Path | Id | **String** | True | Id of the Workflow
Body | WorkflowBody | [**WorkflowBody**](../models/workflow-body) | True |
### Return type
[**Workflow**](../models/workflow)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | The Workflow object | Workflow
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
### Example
```powershell
$Id = "c17bea3a-574d-453c-9e04-4365fbf5af0b" # String | Id of the Workflow
$WorkflowBody = @"{
"owner" : {
"name" : "William Wilson",
"id" : "2c91808568c529c60168cca6f90c1313",
"type" : "IDENTITY"
},
"name" : "Send Email",
"description" : "Send an email to the identity who's attributes changed.",
"definition" : {
"start" : "Send Email Test",
"steps" : {
"Send Email" : {
"actionId" : "sp:send-email",
"attributes" : {
"body" : "This is a test",
"from" : "sailpoint@sailpoint.com",
"recipientId.$" : "$.identity.id",
"subject" : "test"
},
"nextStep" : "success",
"type" : "ACTION"
},
"success" : {
"type" : "success"
}
}
},
"trigger" : {
"displayName" : "displayName",
"attributes" : {
"description" : "Triggered when an identity's manager attribute changes",
"formDefinitionId" : "Admin_Access_Request_Form",
"attributeToFilter" : "LifecycleState",
"id" : "idn:identity-attributes-changed",
"filter.$" : "$.changes[?(@.attribute == 'manager')]"
},
"type" : "EVENT"
},
"enabled" : false
}"@
# Update Workflow
try {
$Result = ConvertFrom-JsonToWorkflowBody -Json $WorkflowBody
Update-BetaWorkflow -Id $Id -WorkflowBody $Result
# Below is a request that includes all optional parameters
# Update-BetaWorkflow -Id $Id -WorkflowBody $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaWorkflow"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)

18
docs/tools/sdk/powershell/Reference/Beta/Models/AccessProfile.md
View File

@@ -16,19 +16,19 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfile', 'BetaAccessProfile']
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | The ID of the Access Profile | [optional] [readonly]
**Name** | **String** | Name of the Access Profile | [required]
**Description** | **String** | Information about the Access Profile | [optional]
**Created** | **System.DateTime** | Date the Access Profile was created | [optional] [readonly]
**Modified** | **System.DateTime** | Date the Access Profile was last modified. | [optional] [readonly]
**Enabled** | **Boolean** | Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. | [optional] [default to $false]
**Id** | **String** | Access profile ID. | [optional] [readonly]
**Name** | **String** | Access profile name. | [required]
**Description** | **String** | Access profile description. | [optional]
**Created** | **System.DateTime** | Date and time when the access profile was created. | [optional] [readonly]
**Modified** | **System.DateTime** | Date and time when the access profile was last modified. | [optional] [readonly]
**Enabled** | **Boolean** | Indicates whether the access profile is enabled. If it's enabled, you must include at least one entitlement. | [optional] [default to $false]
**Owner** | [**OwnerReference**](owner-reference) | | [required]
**Source** | [**AccessProfileSourceRef**](access-profile-source-ref) | | [required]
**Entitlements** | [**[]EntitlementRef**](entitlement-ref) | A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. | [optional]
**Requestable** | **Boolean** | Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error. | [optional] [default to $true]
**Entitlements** | [**[]EntitlementRef**](entitlement-ref) | List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement. | [optional]
**Requestable** | **Boolean** | Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error. | [optional] [default to $true]
**AccessRequestConfig** | [**Requestability**](requestability) | | [optional]
**RevocationRequestConfig** | [**Revocability**](revocability) | | [optional]
**Segments** | **[]String** | List of IDs of segments, if any, to which this Access Profile is assigned. | [optional]
**Segments** | **[]String** | List of segment IDs, if any, that the access profile is assigned to. | [optional]
**ProvisioningCriteria** | [**ProvisioningCriteriaLevel1**](provisioning-criteria-level1) | | [optional]
## Examples

4
docs/tools/sdk/powershell/Reference/Beta/Models/AccessProfileApprovalScheme.md
View File

@@ -16,8 +16,8 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfileApprovalScheme', 'BetaAc
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ApproverType** | **Enum** [ "APP_OWNER", "OWNER", "SOURCE_OWNER", "MANAGER", "GOVERNANCE_GROUP" ] | Describes the individual or group that is responsible for an approval step. Values are as follows. **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field | [optional]
**ApproverId** | **String** | Id of the specific approver, used only when approverType is GOVERNANCE_GROUP | [optional]
**ApproverType** | **Enum** [ "APP_OWNER", "OWNER", "SOURCE_OWNER", "MANAGER", "GOVERNANCE_GROUP" ] | Describes the individual or group that is responsible for an approval step. These are the possible values: **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field | [optional]
**ApproverId** | **String** | Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/Beta/Models/AccessProfileSourceRef.md
View File

@@ -16,9 +16,9 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfileSourceRef', 'BetaAccessP
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | The ID of the Source with with which the Access Profile is associated | [optional]
**Type** | **Enum** [ "SOURCE" ] | The type of the Source, will always be SOURCE | [optional]
**Name** | **String** | The display name of the associated Source | [optional]
**Id** | **String** | ID of the source the access profile is associated with. | [optional]
**Type** | **Enum** [ "SOURCE" ] | Source's DTO type. | [optional]
**Name** | **String** | Source name. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/Beta/Models/AccessRequest.md
View File

@@ -20,15 +20,17 @@ Name | Type | Description | Notes
**RequestType** | [**AccessRequestType**](access-request-type) | | [optional]
**RequestedItems** | [**[]AccessRequestItem**](access-request-item) | | [required]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. | [optional]
**RequestedForWithRequestedItems** | [**[]RequestedForDtoRef**](requested-for-dto-ref) | Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when 'requestedFor' and 'requestedItems' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request | [optional]
## Examples
- Prepare the resource
```powershell
$AccessRequest = Initialize-PSSailpoint.BetaAccessRequest -RequestedFor null `
$AccessRequest = Initialize-PSSailpoint.BetaAccessRequest -RequestedFor 2c918084660f45d6016617daa9210584 `
-RequestType null `
-RequestedItems null `
-ClientMetadata {requestedAppId=2c91808f7892918f0178b78da4a305a1, requestedAppName=test-app}
-ClientMetadata {requestedAppId=2c91808f7892918f0178b78da4a305a1, requestedAppName=test-app} `
-RequestedForWithRequestedItems null
```
- Convert the resource to JSON

6
docs/tools/sdk/powershell/Reference/Beta/Models/AccessRequestItem.md
View File

@@ -21,6 +21,8 @@ Name | Type | Description | Notes
**Comment** | **String** | Comment provided by requester. * Comment is required when the request is of type Revoke Access. | [optional]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. | [optional]
**RemoveDate** | **System.DateTime** | The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration. | [optional]
**AssignmentId** | **String** | The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. | [optional]
## Examples
@@ -30,7 +32,9 @@ $AccessRequestItem = Initialize-PSSailpoint.BetaAccessRequestItem -Type ACCESS_
-Id 2c9180835d2e5168015d32f890ca1581 `
-Comment Requesting access profile for John Doe `
-ClientMetadata {requestedAppName=test-app, requestedAppId=2c91808f7892918f0178b78da4a305a1} `
-RemoveDate 2020-07-11T21:23:15Z
-RemoveDate 2020-07-11T21:23:15Z `
-AssignmentId ee48a191c00d49bf9264eb0a4fc3a9fc `
-NativeIdentity CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN
```
- Convert the resource to JSON

37
docs/tools/sdk/powershell/Reference/Beta/Models/AccountItemRef.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: beta-account-item-ref
title: AccountItemRef
pagination_label: AccountItemRef
sidebar_label: AccountItemRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'AccountItemRef', 'BetaAccountItemRef']
slug: /tools/sdk/powershell/beta/models/account-item-ref
tags: ['SDK', 'Software Development Kit', 'AccountItemRef', 'BetaAccountItemRef']
---
# AccountItemRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**AccountUuid** | **String** | The uuid for the account, available under the 'objectguid' attribute | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' attribute for the account | [optional]
## Examples
- Prepare the resource
```powershell
$AccountItemRef = Initialize-PSSailpoint.BetaAccountItemRef -AccountUuid {fab7119e-004f-4822-9c33-b8d570d6c6a6} `
-NativeIdentity CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local
```
- Convert the resource to JSON
```powershell
$AccountItemRef | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/Beta/Models/AccountUsage.md
View File

@@ -23,7 +23,7 @@ Name | Type | Description | Notes
- Prepare the resource
```powershell
$AccountUsage = Initialize-PSSailpoint.BetaAccountUsage -Date Fri Apr 21 00:00:00 UTC 2023 `
$AccountUsage = Initialize-PSSailpoint.BetaAccountUsage -Date Thu Apr 20 20:00:00 EDT 2023 `
-Count 10
```

2
docs/tools/sdk/powershell/Reference/Beta/Models/AttributeDefinitionType.md
View File

@@ -23,6 +23,8 @@ tags: ['SDK', 'Software Development Kit', 'AttributeDefinitionType', 'BetaAttrib
* `BOOLEAN` (value: `"BOOLEAN"`)
* `DATE` (value: `"DATE"`)
[[Back to top]](#)

4
docs/tools/sdk/powershell/Reference/Beta/Models/NonEmployeeRequestWithoutApprovalItem.md
View File

@@ -51,8 +51,8 @@ $NonEmployeeRequestWithoutApprovalItem = Initialize-PSSailpoint.BetaNonEmployeeR
-ApprovalStatus null `
-Comment approved `
-CompletionDate 2020-03-24T11:11:41.139-05:00 `
-StartDate Tue Mar 24 00:00:00 UTC 2020 `
-EndDate Thu Mar 25 00:00:00 UTC 2021 `
-StartDate Mon Mar 23 20:00:00 EDT 2020 `
-EndDate Wed Mar 24 20:00:00 EDT 2021 `
-Modified 2020-03-24T11:11:41.139-05:00 `
-Created 2020-03-24T11:11:41.139-05:00
```

4
docs/tools/sdk/powershell/Reference/Beta/Models/OwnerReference.md
View File

@@ -17,8 +17,8 @@ tags: ['SDK', 'Software Development Kit', 'OwnerReference', 'BetaOwnerReference'
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Type** | **Enum** [ "IDENTITY" ] | Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. | [optional]
**Id** | **String** | Identity id | [optional]
**Name** | **String** | Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. | [optional]
**Id** | **String** | Owner's identity ID. | [optional]
**Name** | **String** | Owner's name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. | [optional]
## Examples

35
docs/tools/sdk/powershell/Reference/Beta/Models/PatchServiceDeskIntegrationRequest.md
View File

@@ -1,35 +0,0 @@
---
id: beta-patch-service-desk-integration-request
title: PatchServiceDeskIntegrationRequest
pagination_label: PatchServiceDeskIntegrationRequest
sidebar_label: PatchServiceDeskIntegrationRequest
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'PatchServiceDeskIntegrationRequest', 'BetaPatchServiceDeskIntegrationRequest']
slug: /tools/sdk/powershell/beta/models/patch-service-desk-integration-request
tags: ['SDK', 'Software Development Kit', 'PatchServiceDeskIntegrationRequest', 'BetaPatchServiceDeskIntegrationRequest']
---
# PatchServiceDeskIntegrationRequest
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operations** | [**[]JsonPatchOperation**](json-patch-operation) | Operations to be applied | [optional]
## Examples
- Prepare the resource
```powershell
$PatchServiceDeskIntegrationRequest = Initialize-PSSailpoint.BetaPatchServiceDeskIntegrationRequest -Operations null
```
- Convert the resource to JSON
```powershell
$PatchServiceDeskIntegrationRequest | ConvertTo-JSON
```
[[Back to top]](#)

6
docs/tools/sdk/powershell/Reference/Beta/Models/ProvisioningCriteriaLevel1.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel1', 'BetaPro
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel2**](provisioning-criteria-level2) | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel2**](provisioning-criteria-level2) | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/Beta/Models/ProvisioningCriteriaLevel2.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel2', 'BetaPro
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel3**](provisioning-criteria-level3) | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel3**](provisioning-criteria-level3) | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/Beta/Models/ProvisioningCriteriaLevel3.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel3', 'BetaPro
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | **String** | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | **String** | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

8
docs/tools/sdk/powershell/Reference/Beta/Models/Requestability.md
View File

@@ -16,9 +16,10 @@ tags: ['SDK', 'Software Development Kit', 'Requestability', 'BetaRequestability'
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**CommentsRequired** | **Boolean** | Whether the requester of the containing object must provide comments justifying the request | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Whether an approver must provide comments when denying the request | [optional] [default to $false]
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps in approving the request | [optional]
**CommentsRequired** | **Boolean** | Indicates whether the requester of the containing object must provide comments justifying the request. | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Indicates whether an approver must provide comments when denying the request. | [optional] [default to $false]
**ReauthorizationRequired** | **Boolean** | Indicates whether reauthorization is required for the request. | [optional] [default to $false]
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps involved in approving the request. | [optional]
## Examples
@@ -26,6 +27,7 @@ Name | Type | Description | Notes
```powershell
$Requestability = Initialize-PSSailpoint.BetaRequestability -CommentsRequired true `
-DenialCommentsRequired true `
-ReauthorizationRequired true `
-ApprovalSchemes null
```

2
docs/tools/sdk/powershell/Reference/Beta/Models/RequestabilityForRole.md
View File

@@ -18,6 +18,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**CommentsRequired** | **Boolean** | Whether the requester of the containing object must provide comments justifying the request | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Whether an approver must provide comments when denying the request | [optional] [default to $false]
**ReauthorizationRequired** | **Boolean** | Indicates whether reauthorization is required for the request. | [optional] [default to $false]
**ApprovalSchemes** | [**[]ApprovalSchemeForRole**](approval-scheme-for-role) | List describing the steps in approving the request | [optional]
## Examples
@@ -26,6 +27,7 @@ Name | Type | Description | Notes
```powershell
$RequestabilityForRole = Initialize-PSSailpoint.BetaRequestabilityForRole -CommentsRequired true `
-DenialCommentsRequired true `
-ReauthorizationRequired true `
-ApprovalSchemes null
```

37
docs/tools/sdk/powershell/Reference/Beta/Models/RequestedForDtoRef.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: beta-requested-for-dto-ref
title: RequestedForDtoRef
pagination_label: RequestedForDtoRef
sidebar_label: RequestedForDtoRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'RequestedForDtoRef', 'BetaRequestedForDtoRef']
slug: /tools/sdk/powershell/beta/models/requested-for-dto-ref
tags: ['SDK', 'Software Development Kit', 'RequestedForDtoRef', 'BetaRequestedForDtoRef']
---
# RequestedForDtoRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**IdentityId** | **String** | The identity id for which the access is requested | [required]
**RequestedItems** | [**[]RequestedItemDtoRef**](requested-item-dto-ref) | the details for the access items that are requested for the identity | [required]
## Examples
- Prepare the resource
```powershell
$RequestedForDtoRef = Initialize-PSSailpoint.BetaRequestedForDtoRef -IdentityId cb89bc2f1ee6445fbea12224c526ba3a `
-RequestedItems null
```
- Convert the resource to JSON
```powershell
$RequestedForDtoRef | ConvertTo-JSON
```
[[Back to top]](#)

49
docs/tools/sdk/powershell/Reference/Beta/Models/RequestedItemDtoRef.md Normal file
View File

@@ -0,0 +1,49 @@
---
id: beta-requested-item-dto-ref
title: RequestedItemDtoRef
pagination_label: RequestedItemDtoRef
sidebar_label: RequestedItemDtoRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'RequestedItemDtoRef', 'BetaRequestedItemDtoRef']
slug: /tools/sdk/powershell/beta/models/requested-item-dto-ref
tags: ['SDK', 'Software Development Kit', 'RequestedItemDtoRef', 'BetaRequestedItemDtoRef']
---
# RequestedItemDtoRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Type** | **Enum** [ "ACCESS_PROFILE", "ROLE", "ENTITLEMENT" ] | The type of the item being requested. | [required]
**Id** | **String** | ID of Role, Access Profile or Entitlement being requested. | [required]
**Comment** | **String** | Comment provided by requester. * Comment is required when the request is of type Revoke Access. | [optional]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. | [optional]
**RemoveDate** | **System.DateTime** | The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration. | [optional]
**AssignmentId** | **String** | The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. | [optional]
**AccountSelection** | [**[]SourceItemRef**](source-item-ref) | The accounts where the access item will be provisioned to * Includes selections performed by the user in the event of multiple accounts existing on the same source * Also includes details for sources where user only has one account | [optional]
## Examples
- Prepare the resource
```powershell
$RequestedItemDtoRef = Initialize-PSSailpoint.BetaRequestedItemDtoRef -Type ACCESS_PROFILE `
-Id 2c9180835d2e5168015d32f890ca1581 `
-Comment Requesting access profile for John Doe `
-ClientMetadata {requestedAppName=test-app, requestedAppId=2c91808f7892918f0178b78da4a305a1} `
-RemoveDate 2020-07-11T21:23:15Z `
-AssignmentId ee48a191c00d49bf9264eb0a4fc3a9fc `
-NativeIdentity CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN `
-AccountSelection null
```
- Convert the resource to JSON
```powershell
$RequestedItemDtoRef | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/Beta/Models/Revocability.md
View File

@@ -16,7 +16,7 @@ tags: ['SDK', 'Software Development Kit', 'Revocability', 'BetaRevocability']
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps in approving the revocation request | [optional]
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps involved in approving the revocation request. | [optional]
## Examples

2
docs/tools/sdk/powershell/Reference/Beta/Models/Schema.md
View File

@@ -22,7 +22,7 @@ Name | Type | Description | Notes
**IdentityAttribute** | **String** | The name of the attribute used to calculate the unique identifier for an object in the schema. | [optional]
**DisplayAttribute** | **String** | The name of the attribute used to calculate the display value for an object in the schema. | [optional]
**HierarchyAttribute** | **String** | The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. | [optional]
**IncludePermissions** | **Boolean** | Flag indicating whether or not the include permissions with the object data when aggregating the schema. | [optional]
**IncludePermissions** | **Boolean** | Flag indicating whether or not the include permissions with the object data when aggregating the schema. | [optional] [default to $false]
**Features** | **[]String** | Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors. * AUTHENTICATE: The source supports pass-through authentication. * COMPOSITE: The source supports composite source creation. * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. * ENABLE The source supports reading if an account is enabled or disabled. * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. * SEARCH * TEMPLATE * UNLOCK: The source supports reading if an account is locked or unlocked. * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. * SYNC_PROVISIONING: The source can provision accounts synchronously. * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. * CURRENT_PASSWORD: Some source types support verification of the current password * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. * NO_AGGREGATION: A source that does not support aggregation. * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure. * PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning. * ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM * ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM * ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM | [optional]
**Configuration** | [**SystemCollectionsHashtable**]https://learn.microsoft.com/en-us/dotnet/api/system.collections.hashtable?view=net-9.0 | Holds any extra configuration data that the schema may require. | [optional]
**Attributes** | [**[]AttributeDefinition**](attribute-definition) | The attribute definitions which form the schema. | [optional]

37
docs/tools/sdk/powershell/Reference/Beta/Models/SourceItemRef.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: beta-source-item-ref
title: SourceItemRef
pagination_label: SourceItemRef
sidebar_label: SourceItemRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'SourceItemRef', 'BetaSourceItemRef']
slug: /tools/sdk/powershell/beta/models/source-item-ref
tags: ['SDK', 'Software Development Kit', 'SourceItemRef', 'BetaSourceItemRef']
---
# SourceItemRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**SourceId** | **String** | The id for the source on which account selections are made | [optional]
**Accounts** | [**[]AccountItemRef**](account-item-ref) | A list of account selections on the source. Currently, only one selection per source is supported. | [optional]
## Examples
- Prepare the resource
```powershell
$SourceItemRef = Initialize-PSSailpoint.BetaSourceItemRef -SourceId cb89bc2f1ee6445fbea12224c526ba3a `
-Accounts null
```
- Convert the resource to JSON
```powershell
$SourceItemRef | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/Beta/Models/SourceUsage.md
View File

@@ -23,7 +23,7 @@ Name | Type | Description | Notes
- Prepare the resource
```powershell
$SourceUsage = Initialize-PSSailpoint.BetaSourceUsage -Date Fri Apr 21 00:00:00 UTC 2023 `
$SourceUsage = Initialize-PSSailpoint.BetaSourceUsage -Date Thu Apr 20 20:00:00 EDT 2023 `
-Count 10.45
```

2
docs/tools/sdk/powershell/Reference/Beta/Models/WorkflowExecution.md
View File

@@ -21,7 +21,7 @@ Name | Type | Description | Notes
**RequestId** | **String** | Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes. | [optional]
**StartTime** | **System.DateTime** | Date/time when the workflow started. | [optional]
**CloseTime** | **System.DateTime** | Date/time when the workflow ended. | [optional]
**Status** | **Enum** [ "Completed", "Failed", "Canceled", "Running" ] | Workflow execution status. | [optional]
**Status** | **Enum** [ "Completed", "Failed", "Canceled", "Queued", "Running" ] | Workflow execution status. | [optional]
## Examples

8
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024AccessProfilesApi.md
View File

@@ -63,8 +63,9 @@ Method | HTTP request | Description
## create-access-profile
Create an access profile.
A user with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the access profile's Source.
A user with `ROLE_SUBADMIN` or `SOURCE_SUBADMIN` authority must be associated with the access profile's source.
The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles. However, any new access profiles as well as any updates to existing descriptions are limited to 2000 characters.
>**Note:** To use this endpoint, you need all the listed scopes.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/create-access-profile)
@@ -127,6 +128,7 @@ $AccessProfile = @"{
"segments" : [ "f7b1b8a3-5fed-4fd4-ad29-82014e137e19", "29cb6c06-1da8-43ea-8be4-b3125f248f2a" ],
"accessRequestConfig" : {
"commentsRequired" : true,
"reauthorizationRequired" : true,
"approvalSchemes" : [ {
"approverId" : "46c79819-a69f-49a2-becb-12c971ae66c6",
"approverType" : "GOVERNANCE_GROUP"
@@ -411,7 +413,7 @@ Param Type | Name | Data Type | Required | Description
Query | Limit | **Int32** | (optional) (default to 250) | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names.
Query | Sorters | **String** | (optional) | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**
Query | ForSegmentIds | **String** | (optional) | Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error.
Query | IncludeUnsegmented | **Boolean** | (optional) (default to $true) | Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error.
@@ -439,7 +441,7 @@ $ForSubadmin = "8c190e6787aa4ed9a90bd9d5344523fb" # String | Filters the returne
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'name eq "SailPoint Support"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. (optional)
$Filters = 'name eq "SailPoint Support"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. (optional)
$Sorters = "name,-modified" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** (optional)
$ForSegmentIds = "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" # String | Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. (optional)
$IncludeUnsegmented = $false # Boolean | Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error. (optional) (default to $true)

4
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024AccessRequestApprovalsApi.md
View File

@@ -318,7 +318,7 @@ Param Type | Name | Data Type | Required | Description
Query | Limit | **Int32** | (optional) (default to 250) | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in*
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in* **created**: *gt, lt, ge, le, eq, in*
Query | Sorters | **String** | (optional) | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified**
### Return type
@@ -344,7 +344,7 @@ $OwnerId = "2c91808568c529c60168cca6f90c1313" # String | If present, the value r
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'id eq "2c91808568c529c60168cca6f90c1313"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in* (optional)
$Filters = 'id eq "2c91808568c529c60168cca6f90c1313"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in* **created**: *gt, lt, ge, le, eq, in* (optional)
$Sorters = "modified" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** (optional)
# Pending Access Request Approvals List

264
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024AccessRequestsApi.md
View File

@@ -40,6 +40,7 @@ Method | HTTP request | Description
[**Get-V2024AccessRequestConfig**](#get-access-request-config) | **GET** `/access-request-config` | Get Access Request Configuration
[**Get-V2024AccessRequestStatus**](#list-access-request-status) | **GET** `/access-request-status` | Access Request Status
[**Get-V2024AdministratorsAccessRequestStatus**](#list-administrators-access-request-status) | **GET** `/access-request-administration` | Access Request Status for Administrators
[**Invoke-V2024LoadAccountSelections**](#load-account-selections) | **POST** `/access-requests/accounts-selection` | Get accounts selections for identity
[**Set-V2024AccessRequestConfig**](#set-access-request-config) | **PUT** `/access-request-config` | Update Access Request Configuration
@@ -283,6 +284,7 @@ __GRANT_ACCESS__
* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.
* Roles, access profiles and entitlements can be requested.
* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.
* Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source.
__REVOKE_ACCESS__
* Can only be requested for a single identity at a time.
@@ -293,6 +295,7 @@ __REVOKE_ACCESS__
* Revoke requests for entitlements are limited to 1 entitlement per access request currently.
* You can specify a `removeDate` if the access doesn't already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.
* Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
* Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of 'assignmentId' and 'nativeIdentity' fields.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/create-access-request)
@@ -322,7 +325,7 @@ Code | Description | Data Type
### Example
```powershell
$AccessRequest = @"{
"requestedFor" : [ "2c918084660f45d6016617daa9210584", "2c918084660f45d6016617daa9210584" ],
"requestedFor" : "2c918084660f45d6016617daa9210584",
"clientMetadata" : {
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1",
"requestedAppName" : "test-app"
@@ -336,7 +339,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -345,7 +350,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -354,7 +361,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -363,7 +372,9 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
@@ -372,7 +383,136 @@ $AccessRequest = @"{
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE"
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ],
"requestedForWithRequestedItems" : [ {
"identityId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"requestedItems" : [ {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ]
}, {
"identityId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"requestedItems" : [ {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"accountSelection" : [ {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
}, {
"sourceId" : "cb89bc2f1ee6445fbea12224c526ba3a",
"accounts" : [ {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
}, {
"accountUuid" : "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"nativeIdentity" : "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local"
} ]
} ],
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ]
} ]
}"@
@@ -563,6 +703,118 @@ try {
```
[[Back to top]](#)
## load-account-selections
Use this API to fetch account information for an identity against the items in an access request.
Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/load-account-selections)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Body | AccountsSelectionRequest | [**AccountsSelectionRequest**](../models/accounts-selection-request) | True |
### Return type
[**AccountsSelectionResponse**](../models/accounts-selection-response)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Accounts Selection Response | AccountsSelectionResponse
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json
- **Accept**: application/json
### Example
```powershell
$AccountsSelectionRequest = @"{
"requestedFor" : "2c918084660f45d6016617daa9210584",
"clientMetadata" : {
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1",
"requestedAppName" : "test-app"
},
"requestType" : "GRANT_ACCESS",
"requestedItems" : [ {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
}, {
"clientMetadata" : {
"requestedAppName" : "test-app",
"requestedAppId" : "2c91808f7892918f0178b78da4a305a1"
},
"removeDate" : "2020-07-11T21:23:15Z",
"comment" : "Requesting access profile for John Doe",
"id" : "2c9180835d2e5168015d32f890ca1581",
"type" : "ACCESS_PROFILE",
"assignmentId" : "ee48a191c00d49bf9264eb0a4fc3a9fc",
"nativeIdentity" : "CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN"
} ]
}"@
# Get accounts selections for identity
try {
$Result = ConvertFrom-JsonToAccountsSelectionRequest -Json $AccountsSelectionRequest
Invoke-V2024LoadAccountSelections -AccountsSelectionRequest $Result
# Below is a request that includes all optional parameters
# Invoke-V2024LoadAccountSelections -AccountsSelectionRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Invoke-V2024LoadAccountSelections"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## set-access-request-config
This endpoint replaces the current access-request configuration.

4
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024CertificationCampaignsApi.md
View File

@@ -706,12 +706,12 @@ Path | Id | **String** | True | ID of the campaign to be retrieved.
Query | Detail | **String** | (optional) | Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.
### Return type
[**GetActiveCampaigns200ResponseInner**](../models/get-active-campaigns200-response-inner)
[**GetCampaign200Response**](../models/get-campaign200-response)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Requested campaign object. | GetActiveCampaigns200ResponseInner
200 | Requested campaign object. | GetCampaign200Response
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto

2
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024ConfigurationHubApi.md
View File

@@ -252,7 +252,7 @@ Code | Description | Data Type
### Example
```powershell
$ScheduledActionPayload = @"{
"cronString" : "0 0 12 * * ?",
"cronString" : "0 0 12 * * * *",
"timeZoneId" : "America/Chicago",
"startTime" : "2024-08-16T14:16:58.389Z",
"jobType" : "BACKUP",

295
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024GlobalTenantSecuritySettingsApi.md
View File

@@ -21,8 +21,14 @@ All URIs are relative to *https://sailpoint.api.identitynow.com/v2024*
Method | HTTP request | Description
------------- | ------------- | -------------
[**New-V2024AuthOrgNetworkConfig**](#create-auth-org-network-config) | **POST** `/auth-org/network-config` | Create security network configuration.
[**Get-V2024AuthOrgLockoutConfig**](#get-auth-org-lockout-config) | **GET** `/auth-org/lockout-config` | Get Auth Org Lockout Configuration.
[**Get-V2024AuthOrgNetworkConfig**](#get-auth-org-network-config) | **GET** `/auth-org/network-config` | Get security network configuration.
[**Get-V2024AuthOrgServiceProviderConfig**](#get-auth-org-service-provider-config) | **GET** `/auth-org/service-provider-config` | Get Service Provider Configuration.
[**Get-V2024AuthOrgSessionConfig**](#get-auth-org-session-config) | **GET** `/auth-org/session-config` | Get Auth Org Session Configuration.
[**Update-V2024AuthOrgLockoutConfig**](#patch-auth-org-lockout-config) | **PATCH** `/auth-org/lockout-config` | Update Auth Org Lockout Configuration
[**Update-V2024AuthOrgNetworkConfig**](#patch-auth-org-network-config) | **PATCH** `/auth-org/network-config` | Update security network configuration.
[**Update-V2024AuthOrgServiceProviderConfig**](#patch-auth-org-service-provider-config) | **PATCH** `/auth-org/service-provider-config` | Update Service Provider Configuration
[**Update-V2024AuthOrgSessionConfig**](#patch-auth-org-session-config) | **PATCH** `/auth-org/session-config` | Update Auth Org Session Configuration
## create-auth-org-network-config
@@ -76,6 +82,50 @@ try {
```
[[Back to top]](#)
## get-auth-org-lockout-config
This API returns the details of an org's lockout auth configuration.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/get-auth-org-lockout-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
### Return type
[**LockoutConfiguration**](../models/lockout-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Lockout configuration for the tenant&#39;s auth org. | LockoutConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
### Example
```powershell
# Get Auth Org Lockout Configuration.
try {
Get-V2024AuthOrgLockoutConfig
# Below is a request that includes all optional parameters
# Get-V2024AuthOrgLockoutConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024AuthOrgLockoutConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## get-auth-org-network-config
This API returns the details of an org's network auth configuration.
@@ -120,6 +170,147 @@ try {
```
[[Back to top]](#)
## get-auth-org-service-provider-config
This API returns the details of an org's service provider auth configuration.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/get-auth-org-service-provider-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
### Return type
[**ServiceProviderConfiguration**](../models/service-provider-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Service provider configuration for the tenant. | ServiceProviderConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
### Example
```powershell
# Get Service Provider Configuration.
try {
Get-V2024AuthOrgServiceProviderConfig
# Below is a request that includes all optional parameters
# Get-V2024AuthOrgServiceProviderConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024AuthOrgServiceProviderConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## get-auth-org-session-config
This API returns the details of an org's session auth configuration.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/get-auth-org-session-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
### Return type
[**SessionConfiguration**](../models/session-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Session configuration for the tenant&#39;s auth org. | SessionConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: Not defined
- **Accept**: application/json
### Example
```powershell
# Get Auth Org Session Configuration.
try {
Get-V2024AuthOrgSessionConfig
# Below is a request that includes all optional parameters
# Get-V2024AuthOrgSessionConfig
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024AuthOrgSessionConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## patch-auth-org-lockout-config
This API updates an existing lockout configuration for an org using PATCH
[API Spec](https://developer.sailpoint.com/docs/api/v2024/patch-auth-org-lockout-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Body | JsonPatchOperation | [**[]JsonPatchOperation**](../models/json-patch-operation) | True | A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are: `1. maximumAttempts >= 1 && maximumAttempts <= 15 2. lockoutDuration >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60`
### Return type
[**LockoutConfiguration**](../models/lockout-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Updated Auth Org lockout configuration. | LockoutConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json-patch+json
- **Accept**: application/json
### Example
```powershell
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are: `1. maximumAttempts >= 1 && maximumAttempts <= 15 2. lockoutDuration >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60`
# Update Auth Org Lockout Configuration
try {
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-V2024AuthOrgLockoutConfig -JsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-V2024AuthOrgLockoutConfig -JsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2024AuthOrgLockoutConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## patch-auth-org-network-config
This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:manage'
@@ -172,3 +363,107 @@ try {
}
```
[[Back to top]](#)
## patch-auth-org-service-provider-config
This API updates an existing service provider configuration for an org using PATCH.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/patch-auth-org-service-provider-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Body | JsonPatchOperation | [**[]JsonPatchOperation**](../models/json-patch-operation) | True | A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are: 1. Do not add or remove any elements in the federation protocol details in the service provider configuration. 2. Do not modify, add, or delete the service provider details element in the federation protocol details. 3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails. 4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID. 5. Any JIT configuration update must be valid. Just in time configuration update must be valid when enabled. This includes: - A Source ID - Source attribute mappings - Source attribute maps have all the required key values (firstName, lastName, email)
### Return type
[**ServiceProviderConfiguration**](../models/service-provider-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Auth Org Service Provider configuration updated. | ServiceProviderConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json-patch+json
- **Accept**: application/json
### Example
```powershell
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are: 1. Do not add or remove any elements in the federation protocol details in the service provider configuration. 2. Do not modify, add, or delete the service provider details element in the federation protocol details. 3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails. 4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID. 5. Any JIT configuration update must be valid. Just in time configuration update must be valid when enabled. This includes: - A Source ID - Source attribute mappings - Source attribute maps have all the required key values (firstName, lastName, email)
# Update Service Provider Configuration
try {
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-V2024AuthOrgServiceProviderConfig -JsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-V2024AuthOrgServiceProviderConfig -JsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2024AuthOrgServiceProviderConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)
## patch-auth-org-session-config
This API updates an existing session configuration for an org using PATCH.
[API Spec](https://developer.sailpoint.com/docs/api/v2024/patch-auth-org-session-config)
### Parameters
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Body | JsonPatchOperation | [**[]JsonPatchOperation**](../models/json-patch-operation) | True | A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Session Config conforms to certain logical guidelines, which are: `1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 3. maxSessionTime must have a greater duration than maxIdleTime.`
### Return type
[**SessionConfiguration**](../models/session-configuration)
### Responses
Code | Description | Data Type
------------- | ------------- | -------------
200 | Updated Auth Org session configuration. | SessionConfiguration
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response
403 | Forbidden - Returned if the user you are running as, doesn&#39;t have access to this end-point. | ErrorResponseDto
404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto
### HTTP request headers
- **Content-Type**: application/json-patch+json
- **Accept**: application/json
### Example
```powershell
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Session Config conforms to certain logical guidelines, which are: `1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 3. maxSessionTime must have a greater duration than maxIdleTime.`
# Update Auth Org Session Configuration
try {
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-V2024AuthOrgSessionConfig -JsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-V2024AuthOrgSessionConfig -JsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2024AuthOrgSessionConfig"
Write-Host $_.ErrorDetails
}
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024MachineAccountsApi.md
View File

@@ -171,7 +171,7 @@ Code | Description | Data Type
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Machine Account ID.
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$RequestBody = # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * description * ownerIdentity * subType * accessType * environment * attributes * classificationMethod * manuallyEdited * nativeIdentity * uuid * source * manuallyCorrelated * enabled * locked * hasEntitlements * connectorAttributes
$RequestBody = @"{Add machine identity attribute={value=[{op=add, path=/environment, value=test}]}, Replace machine identity attribute={value=[{op=replace, path=/environment, value=test}]}, Remove machine identity attribute={value=[{op=remove, path=/environment}]}}"@ # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * description * ownerIdentity * subType * accessType * environment * attributes * classificationMethod * manuallyEdited * nativeIdentity * uuid * source * manuallyCorrelated * enabled * locked * hasEntitlements * connectorAttributes
$RequestBody = @"[{op=add, path=/environment, value=test}]"@ # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * description * ownerIdentity * subType * accessType * environment * attributes * classificationMethod * manuallyEdited * nativeIdentity * uuid * source * manuallyCorrelated * enabled * locked * hasEntitlements * connectorAttributes
# Update a Machine Account

2
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024MachineIdentitiesApi.md
View File

@@ -286,7 +286,7 @@ Code | Description | Data Type
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Machine Identity ID.
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$RequestBody = # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
$RequestBody = @"{Add machine identity attribute={value=[{op=add, path=/attributes/securityRisk, value=medium}]}, Replace machine identity attribute={value=[{op=replace, path=/attributes/securityRisk, value=medium}]}, Remove machine identity attribute={value=[{op=remove, path=/attributes/securityRisk}]}}"@ # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
$RequestBody = @"[{op=add, path=/attributes/securityRisk, value=medium}]"@ # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
# Update a Machine Identity

4
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024ManagedClustersApi.md
View File

@@ -235,7 +235,7 @@ Param Type | Name | Data Type | Required | Description
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Limit | **Int32** | (optional) (default to 250) | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq*
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq* **name**: *eq* **type**: *eq* **status**: *eq*
### Return type
[**ManagedCluster[]**](../models/managed-cluster)
@@ -259,7 +259,7 @@ Code | Description | Data Type
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'operational eq "operation"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq* (optional)
$Filters = 'operational eq "operation"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq* **name**: *eq* **type**: *eq* **status**: *eq* (optional)
# Get Managed Clusters

5
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024RolesApi.md
View File

@@ -226,6 +226,7 @@ $Role = @"{
},
"accessRequestConfig" : {
"commentsRequired" : true,
"reauthorizationRequired" : true,
"approvalSchemes" : [ {
"approverId" : "46c79819-a69f-49a2-becb-12c971ae66c6",
"approverType" : "GOVERNANCE_GROUP"
@@ -693,7 +694,7 @@ Param Type | Name | Data Type | Required | Description
Query | Limit | **Int32** | (optional) (default to 50) | Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Offset | **Int32** | (optional) (default to 0) | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Count | **Boolean** | (optional) (default to $false) | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*
Query | Filters | **String** | (optional) | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq*
Query | Sorters | **String** | (optional) | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**
Query | ForSegmentIds | **String** | (optional) | If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error.
Query | IncludeUnsegmented | **Boolean** | (optional) (default to $true) | Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.
@@ -721,7 +722,7 @@ $ForSubadmin = "5168015d32f890ca15812c9180835d2e" # String | If provided, filter
$Limit = 50 # Int32 | Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 50)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'requestable eq false' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* (optional)
$Filters = 'requestable eq false' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq* (optional)
$Sorters = "name,-modified" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** (optional)
$ForSegmentIds = "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" # String | If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. (optional)
$IncludeUnsegmented = $false # Boolean | Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. (optional) (default to $true)

15
docs/tools/sdk/powershell/Reference/V2024/Methods/V2024ServiceDeskIntegrationApi.md
View File

@@ -422,7 +422,7 @@ Update an existing Service Desk integration by ID with a PATCH request.
Param Type | Name | Data Type | Required | Description
------------- | ------------- | ------------- | ------------- | -------------
Path | Id | **String** | True | ID of the Service Desk integration to update
Body | PatchServiceDeskIntegrationRequest | [**PatchServiceDeskIntegrationRequest**](../models/patch-service-desk-integration-request) | True | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
Body | JsonPatchOperation | [**[]JsonPatchOperation**](../models/json-patch-operation) | True | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
### Return type
[**ServiceDeskIntegrationDto**](../models/service-desk-integration-dto)
@@ -445,16 +445,21 @@ Code | Description | Data Type
### Example
```powershell
$Id = "anId" # String | ID of the Service Desk integration to update
$PatchServiceDeskIntegrationRequest = @""@
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed.
# Patch a Service Desk Integration
try {
$Result = ConvertFrom-JsonToPatchServiceDeskIntegrationRequest -Json $PatchServiceDeskIntegrationRequest
Update-V2024ServiceDeskIntegration -Id $Id -PatchServiceDeskIntegrationRequest $Result
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-V2024ServiceDeskIntegration -Id $Id -JsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-V2024ServiceDeskIntegration -Id $Id -PatchServiceDeskIntegrationRequest $Result
# Update-V2024ServiceDeskIntegration -Id $Id -JsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2024ServiceDeskIntegration"
Write-Host $_.ErrorDetails

18
docs/tools/sdk/powershell/Reference/V2024/Models/AccessProfile.md
View File

@@ -16,19 +16,19 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfile', 'V2024AccessProfile']
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | The ID of the Access Profile | [optional] [readonly]
**Name** | **String** | Name of the Access Profile | [required]
**Description** | **String** | Information about the Access Profile | [optional]
**Created** | **System.DateTime** | Date the Access Profile was created | [optional] [readonly]
**Modified** | **System.DateTime** | Date the Access Profile was last modified. | [optional] [readonly]
**Enabled** | **Boolean** | Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. | [optional] [default to $true]
**Id** | **String** | Access profile ID. | [optional] [readonly]
**Name** | **String** | Access profile name. | [required]
**Description** | **String** | Access profile description. | [optional]
**Created** | **System.DateTime** | Date and time when the access profile was created. | [optional] [readonly]
**Modified** | **System.DateTime** | Date and time when the access profile was last modified. | [optional] [readonly]
**Enabled** | **Boolean** | Indicates whether the access profile is enabled. If it's enabled, you must include at least one entitlement. | [optional] [default to $false]
**Owner** | [**OwnerReference**](owner-reference) | | [required]
**Source** | [**AccessProfileSourceRef**](access-profile-source-ref) | | [required]
**Entitlements** | [**[]EntitlementRef**](entitlement-ref) | A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. | [optional]
**Requestable** | **Boolean** | Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error. | [optional] [default to $true]
**Entitlements** | [**[]EntitlementRef**](entitlement-ref) | List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement. | [optional]
**Requestable** | **Boolean** | Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error. | [optional] [default to $true]
**AccessRequestConfig** | [**Requestability**](requestability) | | [optional]
**RevocationRequestConfig** | [**Revocability**](revocability) | | [optional]
**Segments** | **[]String** | List of IDs of segments, if any, to which this Access Profile is assigned. | [optional]
**Segments** | **[]String** | List of segment IDs, if any, that the access profile is assigned to. | [optional]
**ProvisioningCriteria** | [**ProvisioningCriteriaLevel1**](provisioning-criteria-level1) | | [optional]
## Examples

4
docs/tools/sdk/powershell/Reference/V2024/Models/AccessProfileApprovalScheme.md
View File

@@ -16,8 +16,8 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfileApprovalScheme', 'V2024A
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ApproverType** | **Enum** [ "APP_OWNER", "OWNER", "SOURCE_OWNER", "MANAGER", "GOVERNANCE_GROUP" ] | Describes the individual or group that is responsible for an approval step. Values are as follows. **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field | [optional]
**ApproverId** | **String** | Id of the specific approver, used only when approverType is GOVERNANCE_GROUP | [optional]
**ApproverType** | **Enum** [ "APP_OWNER", "OWNER", "SOURCE_OWNER", "MANAGER", "GOVERNANCE_GROUP" ] | Describes the individual or group that is responsible for an approval step. These are the possible values: **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field | [optional]
**ApproverId** | **String** | Specific approver ID. Only use this when the `approverType` is `GOVERNANCE_GROUP`. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/V2024/Models/AccessProfileSourceRef.md
View File

@@ -16,9 +16,9 @@ tags: ['SDK', 'Software Development Kit', 'AccessProfileSourceRef', 'V2024Access
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | The ID of the Source with with which the Access Profile is associated | [optional]
**Type** | **Enum** [ "SOURCE" ] | The type of the Source, will always be SOURCE | [optional]
**Name** | **String** | The display name of the associated Source | [optional]
**Id** | **String** | ID of the source the access profile is associated with. | [optional]
**Type** | **Enum** [ "SOURCE" ] | Source's DTO type. | [optional]
**Name** | **String** | Source name. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/V2024/Models/AccessRequest.md
View File

@@ -20,15 +20,17 @@ Name | Type | Description | Notes
**RequestType** | [**AccessRequestType**](access-request-type) | | [optional]
**RequestedItems** | [**[]AccessRequestItem**](access-request-item) | | [required]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. | [optional]
**RequestedForWithRequestedItems** | [**[]RequestedForDtoRef**](requested-for-dto-ref) | Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when 'requestedFor' and 'requestedItems' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request | [optional]
## Examples
- Prepare the resource
```powershell
$AccessRequest = Initialize-PSSailpoint.V2024AccessRequest -RequestedFor null `
$AccessRequest = Initialize-PSSailpoint.V2024AccessRequest -RequestedFor 2c918084660f45d6016617daa9210584 `
-RequestType null `
-RequestedItems null `
-ClientMetadata {requestedAppId=2c91808f7892918f0178b78da4a305a1, requestedAppName=test-app}
-ClientMetadata {requestedAppId=2c91808f7892918f0178b78da4a305a1, requestedAppName=test-app} `
-RequestedForWithRequestedItems null
```
- Convert the resource to JSON

6
docs/tools/sdk/powershell/Reference/V2024/Models/AccessRequestItem.md
View File

@@ -21,6 +21,8 @@ Name | Type | Description | Notes
**Comment** | **String** | Comment provided by requester. * Comment is required when the request is of type Revoke Access. | [optional]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. | [optional]
**RemoveDate** | **System.DateTime** | The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration. | [optional]
**AssignmentId** | **String** | The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. | [optional]
## Examples
@@ -30,7 +32,9 @@ $AccessRequestItem = Initialize-PSSailpoint.V2024AccessRequestItem -Type ACCESS
-Id 2c9180835d2e5168015d32f890ca1581 `
-Comment Requesting access profile for John Doe `
-ClientMetadata {requestedAppName=test-app, requestedAppId=2c91808f7892918f0178b78da4a305a1} `
-RemoveDate 2020-07-11T21:23:15Z
-RemoveDate 2020-07-11T21:23:15Z `
-AssignmentId ee48a191c00d49bf9264eb0a4fc3a9fc `
-NativeIdentity CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN
```
- Convert the resource to JSON

43
docs/tools/sdk/powershell/Reference/V2024/Models/AccountInfoRef.md Normal file
View File

@@ -0,0 +1,43 @@
---
id: v2024-account-info-ref
title: AccountInfoRef
pagination_label: AccountInfoRef
sidebar_label: AccountInfoRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'AccountInfoRef', 'V2024AccountInfoRef']
slug: /tools/sdk/powershell/v2024/models/account-info-ref
tags: ['SDK', 'Software Development Kit', 'AccountInfoRef', 'V2024AccountInfoRef']
---
# AccountInfoRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Uuid** | **String** | The uuid for the account, available under the 'objectguid' attribute | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' attribute for the account | [optional]
**Type** | [**DtoType**](dto-type) | | [optional]
**Id** | **String** | The account id | [optional]
**Name** | **String** | The account display name | [optional]
## Examples
- Prepare the resource
```powershell
$AccountInfoRef = Initialize-PSSailpoint.V2024AccountInfoRef -Uuid {fab7119e-004f-4822-9c33-b8d570d6c6a6} `
-NativeIdentity CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local `
-Type null `
-Id f19d168c27374fd1aff3b483573f997f `
-Name UserAccount.761a2248b
```
- Convert the resource to JSON
```powershell
$AccountInfoRef | ConvertTo-JSON
```
[[Back to top]](#)

37
docs/tools/sdk/powershell/Reference/V2024/Models/AccountItemRef.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: v2024-account-item-ref
title: AccountItemRef
pagination_label: AccountItemRef
sidebar_label: AccountItemRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'AccountItemRef', 'V2024AccountItemRef']
slug: /tools/sdk/powershell/v2024/models/account-item-ref
tags: ['SDK', 'Software Development Kit', 'AccountItemRef', 'V2024AccountItemRef']
---
# AccountItemRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**AccountUuid** | **String** | The uuid for the account, available under the 'objectguid' attribute | [optional]
**NativeIdentity** | **String** | The 'distinguishedName' attribute for the account | [optional]
## Examples
- Prepare the resource
```powershell
$AccountItemRef = Initialize-PSSailpoint.V2024AccountItemRef -AccountUuid {fab7119e-004f-4822-9c33-b8d570d6c6a6} `
-NativeIdentity CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local
```
- Convert the resource to JSON
```powershell
$AccountItemRef | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/V2024/Models/AccountUsage.md
View File

@@ -23,7 +23,7 @@ Name | Type | Description | Notes
- Prepare the resource
```powershell
$AccountUsage = Initialize-PSSailpoint.V2024AccountUsage -Date Fri Apr 21 00:00:00 UTC 2023 `
$AccountUsage = Initialize-PSSailpoint.V2024AccountUsage -Date Thu Apr 20 20:00:00 EDT 2023 `
-Count 10
```

41
docs/tools/sdk/powershell/Reference/V2024/Models/AccountsSelectionRequest.md Normal file
View File

@@ -0,0 +1,41 @@
---
id: v2024-accounts-selection-request
title: AccountsSelectionRequest
pagination_label: AccountsSelectionRequest
sidebar_label: AccountsSelectionRequest
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'AccountsSelectionRequest', 'V2024AccountsSelectionRequest']
slug: /tools/sdk/powershell/v2024/models/accounts-selection-request
tags: ['SDK', 'Software Development Kit', 'AccountsSelectionRequest', 'V2024AccountsSelectionRequest']
---
# AccountsSelectionRequest
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**RequestedFor** | **[]String** | A list of Identity IDs for whom the Access is requested. | [required]
**RequestType** | [**AccessRequestType**](access-request-type) | | [optional]
**RequestedItems** | [**[]AccessRequestItem**](access-request-item) | | [required]
**ClientMetadata** | **map[string]String** | Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. | [optional]
## Examples
- Prepare the resource
```powershell
$AccountsSelectionRequest = Initialize-PSSailpoint.V2024AccountsSelectionRequest -RequestedFor 2c918084660f45d6016617daa9210584 `
-RequestType null `
-RequestedItems null `
-ClientMetadata {requestedAppId=2c91808f7892918f0178b78da4a305a1, requestedAppName=test-app}
```
- Convert the resource to JSON
```powershell
$AccountsSelectionRequest | ConvertTo-JSON
```
[[Back to top]](#)

35
docs/tools/sdk/powershell/Reference/V2024/Models/AccountsSelectionResponse.md Normal file
View File

@@ -0,0 +1,35 @@
---
id: v2024-accounts-selection-response
title: AccountsSelectionResponse
pagination_label: AccountsSelectionResponse
sidebar_label: AccountsSelectionResponse
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'AccountsSelectionResponse', 'V2024AccountsSelectionResponse']
slug: /tools/sdk/powershell/v2024/models/accounts-selection-response
tags: ['SDK', 'Software Development Kit', 'AccountsSelectionResponse', 'V2024AccountsSelectionResponse']
---
# AccountsSelectionResponse
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Identities** | [**[]IdentityAccountSelections**](identity-account-selections) | A list of available account selections per identity in the request, for all the requested items | [optional]
## Examples
- Prepare the resource
```powershell
$AccountsSelectionResponse = Initialize-PSSailpoint.V2024AccountsSelectionResponse -Identities null
```
- Convert the resource to JSON
```powershell
$AccountsSelectionResponse | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/V2024/Models/AttributeDefinitionType.md
View File

@@ -23,6 +23,8 @@ tags: ['SDK', 'Software Development Kit', 'AttributeDefinitionType', 'V2024Attri
* `BOOLEAN` (value: `"BOOLEAN"`)
* `DATE` (value: `"DATE"`)
[[Back to top]](#)

37
docs/tools/sdk/powershell/Reference/V2024/Models/FederationProtocolDetails.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: v2024-federation-protocol-details
title: FederationProtocolDetails
pagination_label: FederationProtocolDetails
sidebar_label: FederationProtocolDetails
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'FederationProtocolDetails', 'V2024FederationProtocolDetails']
slug: /tools/sdk/powershell/v2024/models/federation-protocol-details
tags: ['SDK', 'Software Development Kit', 'FederationProtocolDetails', 'V2024FederationProtocolDetails']
---
# FederationProtocolDetails
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Role** | **Enum** [ "SAML_IDP", "SAML_SP" ] | Federation protocol role | [optional]
**EntityId** | **String** | An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP). | [optional]
## Examples
- Prepare the resource
```powershell
$FederationProtocolDetails = Initialize-PSSailpoint.V2024FederationProtocolDetails -Role SAML_IDP `
-EntityId http://www.okta.com/exkdaruy8Ln5Ry7C54x6
```
- Convert the resource to JSON
```powershell
$FederationProtocolDetails | ConvertTo-JSON
```
[[Back to top]](#)

79
docs/tools/sdk/powershell/Reference/V2024/Models/GetCampaign200Response.md Normal file
View File

@@ -0,0 +1,79 @@
---
id: v2024-get-campaign200-response
title: GetCampaign200Response
pagination_label: GetCampaign200Response
sidebar_label: GetCampaign200Response
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'GetCampaign200Response', 'V2024GetCampaign200Response']
slug: /tools/sdk/powershell/v2024/models/get-campaign200-response
tags: ['SDK', 'Software Development Kit', 'GetCampaign200Response', 'V2024GetCampaign200Response']
---
# GetCampaign200Response
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | Id of the campaign | [optional] [readonly]
**Name** | **String** | The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. | [required]
**Description** | **String** | The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. | [required]
**Deadline** | **System.DateTime** | The campaign's completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response. | [optional]
**Type** | **Enum** [ "MANAGER", "SOURCE_OWNER", "SEARCH", "ROLE_COMPOSITION", "MACHINE_ACCOUNT" ] | The type of campaign. Could be extended in the future. | [required]
**EmailNotificationEnabled** | **Boolean** | Enables email notification for this campaign | [optional] [default to $false]
**AutoRevokeAllowed** | **Boolean** | Allows auto revoke for this campaign | [optional] [default to $false]
**RecommendationsEnabled** | **Boolean** | Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. | [optional] [default to $false]
**Status** | **Enum** [ "PENDING", "STAGED", "CANCELING", "ACTIVATING", "ACTIVE", "COMPLETING", "COMPLETED", "ERROR", "ARCHIVED" ] | The campaign's current status. | [optional] [readonly]
**CorrelatedStatus** | **Enum** [ "CORRELATED", "UNCORRELATED" ] | The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). | [optional]
**Created** | **System.DateTime** | Created time of the campaign | [optional] [readonly]
**TotalCertifications** | **Int32** | The total number of certifications in this campaign. | [optional] [readonly]
**CompletedCertifications** | **Int32** | The number of completed certifications in this campaign. | [optional] [readonly]
**Alerts** | [**[]CampaignAlert**](campaign-alert) | A list of errors and warnings that have accumulated. | [optional] [readonly]
**Modified** | **System.DateTime** | Modified time of the campaign | [optional] [readonly]
**VarFilter** | [**CampaignAllOfFilter**](campaign-all-of-filter) | | [optional]
**SunsetCommentsRequired** | **Boolean** | Determines if comments on sunset date changes are required. | [optional] [default to $true]
**SourceOwnerCampaignInfo** | [**CampaignAllOfSourceOwnerCampaignInfo**](campaign-all-of-source-owner-campaign-info) | | [optional]
**SearchCampaignInfo** | [**CampaignAllOfSearchCampaignInfo**](campaign-all-of-search-campaign-info) | | [optional]
**RoleCompositionCampaignInfo** | [**CampaignAllOfRoleCompositionCampaignInfo**](campaign-all-of-role-composition-campaign-info) | | [optional]
**MachineAccountCampaignInfo** | [**CampaignAllOfMachineAccountCampaignInfo**](campaign-all-of-machine-account-campaign-info) | | [optional]
**SourcesWithOrphanEntitlements** | [**[]CampaignAllOfSourcesWithOrphanEntitlements**](campaign-all-of-sources-with-orphan-entitlements) | A list of sources in the campaign that contain \""orphan entitlements\"" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). | [optional] [readonly]
**MandatoryCommentRequirement** | **Enum** [ "ALL_DECISIONS", "REVOKE_ONLY_DECISIONS", "NO_DECISIONS" ] | Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions. | [optional]
## Examples
- Prepare the resource
```powershell
$GetCampaign200Response = Initialize-PSSailpoint.V2024GetCampaign200Response -Id 2c9079b270a266a60170a2779fcb0007 `
-Name Manager Campaign `
-Description Everyone needs to be reviewed by their manager `
-Deadline 2020-03-15T10:00:01.456Z `
-Type MANAGER `
-EmailNotificationEnabled false `
-AutoRevokeAllowed false `
-RecommendationsEnabled true `
-Status ACTIVE `
-CorrelatedStatus CORRELATED `
-Created 2020-03-03T22:15:13.611Z `
-TotalCertifications 100 `
-CompletedCertifications 10 `
-Alerts null `
-Modified 2020-03-03T22:20:12.674Z `
-VarFilter null `
-SunsetCommentsRequired true `
-SourceOwnerCampaignInfo null `
-SearchCampaignInfo null `
-RoleCompositionCampaignInfo null `
-MachineAccountCampaignInfo null `
-SourcesWithOrphanEntitlements null `
-MandatoryCommentRequirement NO_DECISIONS
```
- Convert the resource to JSON
```powershell
$GetCampaign200Response | ConvertTo-JSON
```
[[Back to top]](#)

43
docs/tools/sdk/powershell/Reference/V2024/Models/IdentityAccountSelections.md Normal file
View File

@@ -0,0 +1,43 @@
---
id: v2024-identity-account-selections
title: IdentityAccountSelections
pagination_label: IdentityAccountSelections
sidebar_label: IdentityAccountSelections
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'IdentityAccountSelections', 'V2024IdentityAccountSelections']
slug: /tools/sdk/powershell/v2024/models/identity-account-selections
tags: ['SDK', 'Software Development Kit', 'IdentityAccountSelections', 'V2024IdentityAccountSelections']
---
# IdentityAccountSelections
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**RequestedItems** | [**[]RequestedItemAccountSelections**](requested-item-account-selections) | Available account selections for the identity, per requested item | [optional]
**AccountsSelectionRequired** | **Boolean** | A boolean indicating whether any account selections will be required for the user to raise an access request | [optional] [default to $false]
**Type** | [**DtoType**](dto-type) | | [optional]
**Id** | **String** | The identity id for the user | [optional]
**Name** | **String** | The name of the identity | [optional]
## Examples
- Prepare the resource
```powershell
$IdentityAccountSelections = Initialize-PSSailpoint.V2024IdentityAccountSelections -RequestedItems null `
-AccountsSelectionRequired false `
-Type null `
-Id 70016590f2df4b879bdb1313a9e4e19e `
-Name User name
```
- Convert the resource to JSON
```powershell
$IdentityAccountSelections | ConvertTo-JSON
```
[[Back to top]](#)

61
docs/tools/sdk/powershell/Reference/V2024/Models/IdpDetails.md Normal file
View File

@@ -0,0 +1,61 @@
---
id: v2024-idp-details
title: IdpDetails
pagination_label: IdpDetails
sidebar_label: IdpDetails
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'IdpDetails', 'V2024IdpDetails']
slug: /tools/sdk/powershell/v2024/models/idp-details
tags: ['SDK', 'Software Development Kit', 'IdpDetails', 'V2024IdpDetails']
---
# IdpDetails
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Role** | **Enum** [ "SAML_IDP", "SAML_SP" ] | Federation protocol role | [optional]
**EntityId** | **String** | An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP). | [optional]
**Binding** | **String** | Defines the binding used for the SAML flow. Used with IDP configurations. | [optional]
**AuthnContext** | **String** | Specifies the SAML authentication method to use. Used with IDP configurations. | [optional]
**LogoutUrl** | **String** | The IDP logout URL. Used with IDP configurations. | [optional]
**IncludeAuthnContext** | **Boolean** | Determines if the configured AuthnContext should be used or the default. Used with IDP configurations. | [optional] [default to $false]
**NameId** | **String** | The name id format to use. Used with IDP configurations. | [optional]
**JitConfiguration** | [**JITConfiguration**](jit-configuration) | | [optional]
**Cert** | **String** | The Base64-encoded certificate used by the IDP. Used with IDP configurations. | [optional]
**LoginUrlPost** | **String** | The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations. | [optional]
**LoginUrlRedirect** | **String** | The IDP Redirect URL. Used with IDP configurations. | [optional]
**MappingAttribute** | **String** | Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations. | [required]
**CertificateExpirationDate** | **String** | The expiration date extracted from the certificate. | [optional]
**CertificateName** | **String** | The name extracted from the certificate. | [optional]
## Examples
- Prepare the resource
```powershell
$IdpDetails = Initialize-PSSailpoint.V2024IdpDetails -Role SAML_IDP `
-EntityId http://www.okta.com/exkdaruy8Ln5Ry7C54x6 `
-Binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST `
-AuthnContext urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport `
-LogoutUrl https://dev-206445.oktapreview.com/login/signout `
-IncludeAuthnContext false `
-NameId urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress `
-JitConfiguration null `
-Cert -----BEGIN CERTIFICATE-----****-----END CERTIFICATE----- `
-LoginUrlPost https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml `
-LoginUrlRedirect https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml `
-MappingAttribute email `
-CertificateExpirationDate Fri Mar 08 08:54:24 UTC 2013 `
-CertificateName OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL
```
- Convert the resource to JSON
```powershell
$IdpDetails | ConvertTo-JSON
```
[[Back to top]](#)

39
docs/tools/sdk/powershell/Reference/V2024/Models/JITConfiguration.md Normal file
View File

@@ -0,0 +1,39 @@
---
id: v2024-jit-configuration
title: JITConfiguration
pagination_label: JITConfiguration
sidebar_label: JITConfiguration
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'JITConfiguration', 'V2024JITConfiguration']
slug: /tools/sdk/powershell/v2024/models/jit-configuration
tags: ['SDK', 'Software Development Kit', 'JITConfiguration', 'V2024JITConfiguration']
---
# JITConfiguration
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Enabled** | **Boolean** | The indicator for just-in-time provisioning enabled | [optional] [default to $false]
**SourceId** | **String** | the sourceId that mapped to just-in-time provisioning configuration | [optional]
**SourceAttributeMappings** | **map[string]String** | A mapping of identity profile attribute names to SAML assertion attribute names | [optional]
## Examples
- Prepare the resource
```powershell
$JITConfiguration = Initialize-PSSailpoint.V2024JITConfiguration -Enabled false `
-SourceId 2c9180857377ed2901739c12a2da5ac8 `
-SourceAttributeMappings {firstName=okta.firstName, lastName=okta.lastName, email=okta.email}
```
- Convert the resource to JSON
```powershell
$JITConfiguration | ConvertTo-JSON
```
[[Back to top]](#)

2
docs/tools/sdk/powershell/Reference/V2024/Models/LifecyclestateDeleted.md
View File

@@ -16,7 +16,7 @@ tags: ['SDK', 'Software Development Kit', 'LifecyclestateDeleted', 'V2024Lifecyc
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Type** | **Enum** [ "LIFECYCLE_STATE" ] | Deleted lifecycle state's DTO type. | [optional]
**Type** | **Enum** [ "LIFECYCLE_STATE", "TASK_RESULT" ] | Deleted lifecycle state's DTO type. | [optional]
**Id** | **String** | Deleted lifecycle state ID. | [optional]
**Name** | **String** | Deleted lifecycle state's display name. | [optional]

39
docs/tools/sdk/powershell/Reference/V2024/Models/LockoutConfiguration.md Normal file
View File

@@ -0,0 +1,39 @@
---
id: v2024-lockout-configuration
title: LockoutConfiguration
pagination_label: LockoutConfiguration
sidebar_label: LockoutConfiguration
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'LockoutConfiguration', 'V2024LockoutConfiguration']
slug: /tools/sdk/powershell/v2024/models/lockout-configuration
tags: ['SDK', 'Software Development Kit', 'LockoutConfiguration', 'V2024LockoutConfiguration']
---
# LockoutConfiguration
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**MaximumAttempts** | **Int32** | The maximum attempts allowed before lockout occurs. | [optional]
**LockoutDuration** | **Int32** | The total time in minutes a user will be locked out. | [optional]
**LockoutWindow** | **Int32** | A rolling window where authentication attempts in a series count towards the maximum before lockout occurs. | [optional]
## Examples
- Prepare the resource
```powershell
$LockoutConfiguration = Initialize-PSSailpoint.V2024LockoutConfiguration -MaximumAttempts 5 `
-LockoutDuration 15 `
-LockoutWindow 5
```
- Convert the resource to JSON
```powershell
$LockoutConfiguration | ConvertTo-JSON
```
[[Back to top]](#)

8
docs/tools/sdk/powershell/Reference/V2024/Models/ManagedClient.md
View File

@@ -18,8 +18,8 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Id** | **String** | ManagedClient ID | [optional] [readonly]
**AlertKey** | **String** | ManagedClient alert key | [optional] [readonly]
**ApiGatewayBaseUrl** | **String** | | [optional]
**Cookbook** | **String** | | [optional]
**ApiGatewayBaseUrl** | **String** | apiGatewayBaseUrl for the Managed client | [optional]
**Cookbook** | **String** | cookbook id for the Managed client | [optional]
**CcId** | **Int64** | Previous CC ID to be used in data migration. (This field will be deleted after CC migration!) | [optional]
**ClientId** | **String** | The client ID used in API management | [required]
**ClusterId** | **String** | Cluster ID that the ManagedClient is linked to | [required]
@@ -37,6 +37,7 @@ Name | Type | Description | Notes
**CreatedAt** | **System.DateTime** | The date/time this ManagedClient was created | [optional]
**UpdatedAt** | **System.DateTime** | The date/time this ManagedClient was last updated | [optional]
**ProvisionStatus** | **Enum** [ "PROVISIONED", "DRAFT" ] | The provisioning status of the ManagedClient | [optional] [readonly]
**HealthIndicators** | [**SystemCollectionsHashtable**]https://learn.microsoft.com/en-us/dotnet/api/system.collections.hashtable?view=net-9.0 | The health indicators of the ManagedClient | [optional]
## Examples
@@ -62,7 +63,8 @@ $ManagedClient = Initialize-PSSailpoint.V2024ManagedClient -Id 2c9180878eaf4204
-Secret ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381 `
-CreatedAt 2023-08-04T20:48:01.865Z `
-UpdatedAt 2023-08-04T20:48:01.865Z `
-ProvisionStatus PROVISIONED
-ProvisionStatus PROVISIONED `
-HealthIndicators { "network": { "errors": [], "warnings": [] }, "memory": { "errors": [], "warnings": [] }, "cpu": { "errors": [], "warnings": [] } }
```
- Convert the resource to JSON

14
docs/tools/sdk/powershell/Reference/V2024/Models/ManagedCluster.md
View File

@@ -41,6 +41,12 @@ Name | Type | Description | Notes
**CcId** | **String** | CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished | [optional] [default to "0"]
**CreatedAt** | **System.DateTime** | The date/time this cluster was created | [optional]
**UpdatedAt** | **System.DateTime** | The date/time this cluster was last updated | [optional]
**LastReleaseNotifiedAt** | **System.DateTime** | The date/time this cluster was notified for the last release | [optional]
**UpdatePreferences** | [**ManagedClusterUpdatePreferences**](managed-cluster-update-preferences) | | [optional]
**CurrentInstalledReleaseVersion** | **String** | The current installed release on the Managed cluster | [optional]
**UpdatePackage** | **String** | New available updates for the Managed cluster | [optional]
**IsOutOfDateNotifiedAt** | **System.DateTime** | The time at which out of date notification was sent for the Managed cluster | [optional]
**ConsolidatedHealthIndicatorsStatus** | **Enum** [ "NORMAL", "WARNING", "ERROR" ] | The consolidated Health Status for the Managed cluster | [optional]
## Examples
@@ -70,7 +76,13 @@ $ManagedCluster = Initialize-PSSailpoint.V2024ManagedCluster -Id e1ff7bb24c9342
-ServiceCount 6 `
-CcId 1533 `
-CreatedAt 2023-08-04T20:48:01.865Z `
-UpdatedAt 2023-08-04T20:48:01.865Z
-UpdatedAt 2023-08-04T20:48:01.865Z `
-LastReleaseNotifiedAt 2025-03-11T07:00:13.729721Z `
-UpdatePreferences null `
-CurrentInstalledReleaseVersion 123.1 `
-UpdatePackage null `
-IsOutOfDateNotifiedAt 2025-03-11T07:00:13.734393Z `
-ConsolidatedHealthIndicatorsStatus ERROR
```
- Convert the resource to JSON

39
docs/tools/sdk/powershell/Reference/V2024/Models/ManagedClusterUpdatePreferences.md Normal file
View File

@@ -0,0 +1,39 @@
---
id: v2024-managed-cluster-update-preferences
title: ManagedClusterUpdatePreferences
pagination_label: ManagedClusterUpdatePreferences
sidebar_label: ManagedClusterUpdatePreferences
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'ManagedClusterUpdatePreferences', 'V2024ManagedClusterUpdatePreferences']
slug: /tools/sdk/powershell/v2024/models/managed-cluster-update-preferences
tags: ['SDK', 'Software Development Kit', 'ManagedClusterUpdatePreferences', 'V2024ManagedClusterUpdatePreferences']
---
# ManagedClusterUpdatePreferences
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**ProcessGroups** | **String** | The processGroups for updatePreferences | [optional]
**UpdateState** | **Enum** [ "AUTO", "DISABLED" ] | The current updateState for the cluster | [optional]
**NotificationEmail** | **String** | The mail id to which new releases will be notified | [optional]
## Examples
- Prepare the resource
```powershell
$ManagedClusterUpdatePreferences = Initialize-PSSailpoint.V2024ManagedClusterUpdatePreferences -ProcessGroups null `
-UpdateState DISABLED `
-NotificationEmail test@mail.com
```
- Convert the resource to JSON
```powershell
$ManagedClusterUpdatePreferences | ConvertTo-JSON
```
[[Back to top]](#)

4
docs/tools/sdk/powershell/Reference/V2024/Models/NonEmployeeRequestWithoutApprovalItem.md
View File

@@ -51,8 +51,8 @@ $NonEmployeeRequestWithoutApprovalItem = Initialize-PSSailpoint.V2024NonEmployee
-ApprovalStatus null `
-Comment approved `
-CompletionDate 2020-03-24T11:11:41.139-05:00 `
-StartDate Tue Mar 24 00:00:00 UTC 2020 `
-EndDate Thu Mar 25 00:00:00 UTC 2021 `
-StartDate Mon Mar 23 20:00:00 EDT 2020 `
-EndDate Wed Mar 24 20:00:00 EDT 2021 `
-Modified 2020-03-24T11:11:41.139-05:00 `
-Created 2020-03-24T11:11:41.139-05:00
```

4
docs/tools/sdk/powershell/Reference/V2024/Models/OwnerReference.md
View File

@@ -17,8 +17,8 @@ tags: ['SDK', 'Software Development Kit', 'OwnerReference', 'V2024OwnerReference
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Type** | **Enum** [ "IDENTITY" ] | Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. | [optional]
**Id** | **String** | Identity id | [optional]
**Name** | **String** | Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. | [optional]
**Id** | **String** | Owner's identity ID. | [optional]
**Name** | **String** | Owner's name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. | [optional]
## Examples

35
docs/tools/sdk/powershell/Reference/V2024/Models/PatchServiceDeskIntegrationRequest.md
View File

@@ -1,35 +0,0 @@
---
id: v2024-patch-service-desk-integration-request
title: PatchServiceDeskIntegrationRequest
pagination_label: PatchServiceDeskIntegrationRequest
sidebar_label: PatchServiceDeskIntegrationRequest
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'PatchServiceDeskIntegrationRequest', 'V2024PatchServiceDeskIntegrationRequest']
slug: /tools/sdk/powershell/v2024/models/patch-service-desk-integration-request
tags: ['SDK', 'Software Development Kit', 'PatchServiceDeskIntegrationRequest', 'V2024PatchServiceDeskIntegrationRequest']
---
# PatchServiceDeskIntegrationRequest
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operations** | [**[]JsonPatchOperation**](json-patch-operation) | Operations to be applied | [optional]
## Examples
- Prepare the resource
```powershell
$PatchServiceDeskIntegrationRequest = Initialize-PSSailpoint.V2024PatchServiceDeskIntegrationRequest -Operations null
```
- Convert the resource to JSON
```powershell
$PatchServiceDeskIntegrationRequest | ConvertTo-JSON
```
[[Back to top]](#)

6
docs/tools/sdk/powershell/Reference/V2024/Models/ProvisioningCriteriaLevel1.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel1', 'V2024Pr
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel2**](provisioning-criteria-level2) | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel2**](provisioning-criteria-level2) | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/V2024/Models/ProvisioningCriteriaLevel2.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel2', 'V2024Pr
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel3**](provisioning-criteria-level3) | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | [**[]ProvisioningCriteriaLevel3**](provisioning-criteria-level3) | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

6
docs/tools/sdk/powershell/Reference/V2024/Models/ProvisioningCriteriaLevel3.md
View File

@@ -17,9 +17,9 @@ tags: ['SDK', 'Software Development Kit', 'ProvisioningCriteriaLevel3', 'V2024Pr
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**Operation** | [**ProvisioningCriteriaOperation**](provisioning-criteria-operation) | | [optional]
**Attribute** | **String** | Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error. | [optional]
**Value** | **String** | String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type. | [optional]
**Children** | **String** | Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
**Attribute** | **String** | Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. | [optional]
**Value** | **String** | String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. | [optional]
**Children** | **String** | Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. | [optional]
## Examples

8
docs/tools/sdk/powershell/Reference/V2024/Models/Requestability.md
View File

@@ -16,9 +16,10 @@ tags: ['SDK', 'Software Development Kit', 'Requestability', 'V2024Requestability
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**CommentsRequired** | **Boolean** | Whether the requester of the containing object must provide comments justifying the request | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Whether an approver must provide comments when denying the request | [optional] [default to $false]
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps in approving the request | [optional]
**CommentsRequired** | **Boolean** | Indicates whether the requester of the containing object must provide comments justifying the request. | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Indicates whether an approver must provide comments when denying the request. | [optional] [default to $false]
**ReauthorizationRequired** | **Boolean** | Indicates whether reauthorization is required for the request. | [optional] [default to $false]
**ApprovalSchemes** | [**[]AccessProfileApprovalScheme**](access-profile-approval-scheme) | List describing the steps involved in approving the request. | [optional]
## Examples
@@ -26,6 +27,7 @@ Name | Type | Description | Notes
```powershell
$Requestability = Initialize-PSSailpoint.V2024Requestability -CommentsRequired true `
-DenialCommentsRequired true `
-ReauthorizationRequired true `
-ApprovalSchemes null
```

2
docs/tools/sdk/powershell/Reference/V2024/Models/RequestabilityForRole.md
View File

@@ -18,6 +18,7 @@ Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**CommentsRequired** | **Boolean** | Whether the requester of the containing object must provide comments justifying the request | [optional] [default to $false]
**DenialCommentsRequired** | **Boolean** | Whether an approver must provide comments when denying the request | [optional] [default to $false]
**ReauthorizationRequired** | **Boolean** | Indicates whether reauthorization is required for the request. | [optional] [default to $false]
**ApprovalSchemes** | [**[]ApprovalSchemeForRole**](approval-scheme-for-role) | List describing the steps in approving the request | [optional]
## Examples
@@ -26,6 +27,7 @@ Name | Type | Description | Notes
```powershell
$RequestabilityForRole = Initialize-PSSailpoint.V2024RequestabilityForRole -CommentsRequired true `
-DenialCommentsRequired true `
-ReauthorizationRequired true `
-ApprovalSchemes null
```

37
docs/tools/sdk/powershell/Reference/V2024/Models/RequestedForDtoRef.md Normal file
View File

@@ -0,0 +1,37 @@
---
id: v2024-requested-for-dto-ref
title: RequestedForDtoRef
pagination_label: RequestedForDtoRef
sidebar_label: RequestedForDtoRef
sidebar_class_name: powershellsdk
keywords: ['powershell', 'PowerShell', 'sdk', 'RequestedForDtoRef', 'V2024RequestedForDtoRef']
slug: /tools/sdk/powershell/v2024/models/requested-for-dto-ref
tags: ['SDK', 'Software Development Kit', 'RequestedForDtoRef', 'V2024RequestedForDtoRef']
---
# RequestedForDtoRef
## Properties
Name | Type | Description | Notes
------------ | ------------- | ------------- | -------------
**IdentityId** | **String** | The identity id for which the access is requested | [required]
**RequestedItems** | [**[]RequestedItemDtoRef**](requested-item-dto-ref) | the details for the access items that are requested for the identity | [required]
## Examples
- Prepare the resource
```powershell
$RequestedForDtoRef = Initialize-PSSailpoint.V2024RequestedForDtoRef -IdentityId cb89bc2f1ee6445fbea12224c526ba3a `
-RequestedItems null
```
- Convert the resource to JSON
```powershell
$RequestedForDtoRef | ConvertTo-JSON
```
[[Back to top]](#)

Some files were not shown because too many files have changed in this diff Show More