Automated commit by github action: 3488872824

GitHub Action Bot
2022-11-17 13:53:47 +00:00
parent 3dd41a8ada
commit 928879c5b1
66 changed files with 1767 additions and 1562 deletions


@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org lockout configuration.
description: >-
This API returns the details of an org's lockout auth configuration. </br>
This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
'200':
"200":
description: Lockout configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: '../schemas/LockoutConfiguration.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/LockoutConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration
summary: Create the org's auth org lockout configuration.
description: >-
This API returns the details of an org's lockout auth configuration. </br>
This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Lockout configuration creation request body. </br>
</br>
The following constraints ensure the request body conforms to certain logical guidelines, which are:
Lockout configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
content:
application/json:
schema:
$ref: '../schemas/LockoutConfiguration.yaml'
$ref: "../schemas/LockoutConfiguration.yaml"
responses:
'200':
"200":
description: Lockout configuration for the tenant.
content:
application/json:
schema:
$ref: '../schemas/LockoutConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/LockoutConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org lockout configuration
description: >-
This API updates an existing lockout configuration for an org using PATCH </br>
Requires security scope of: 'sp:auth-org:update'
This API updates an existing lockout configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/>
<br/>
Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:
A list of auth org lockout configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Lockout Config conforms to certain logical
guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
@@ -85,7 +86,7 @@ patch:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/maximumAttempts"
@@ -94,21 +95,21 @@ patch:
path: "/lockoutDuration"
value: 35
responses:
'200':
"200":
description: Updated Auth Org lockout configuration.
content:
application/json:
schema:
$ref: '../schemas/LockoutConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/LockoutConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
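Review bot: The OAuth2 requirement on the get, post and patch operations is still only a comment (`# security:` / `# - oauth2: [sp:auth-org:read]`), so the required scope lives in description prose and nowhere a tool can read it; the network, service-provider and session configuration sections further down this page carry the same commented-out block. Unless a root-level `security` entry outside this view applies, generated clients, rendered docs and spec-driven validation may present these lockout-policy endpoints as needing no scope, so either restore the blocks or state in the comment why they are disabled. Separately, constraint 3 in both the post and patch request-body descriptions reads `lockoutWindow >= 5 && lockoutDuration <= 60`; the upper bound presumably belongs to `lockoutWindow` and should read `lockoutWindow >= 5 && lockoutWindow <= 60`.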


@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org network configuration.
description: >-
This API returns the details of an org's network auth configuration. </br>
This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
'200':
"200":
description: Network configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: '../schemas/NetworkConfiguration.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NetworkConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,37 +29,38 @@ post:
- Auth Org Configuration
summary: Create the org's auth org network configuration.
description: >-
This API returns the details of an org's network auth configuration. </br>
This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Network configuration creation request body. </br>
</br>
The following constraints ensure the request body conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or ip subnet mask.
2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters.
Network configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json:
schema:
$ref: '../schemas/NetworkConfiguration.yaml'
$ref: "../schemas/NetworkConfiguration.yaml"
responses:
'200':
"200":
description: Network configuration for the tenant.
content:
application/json:
schema:
$ref: '../schemas/NetworkConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NetworkConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -68,22 +69,26 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org network configuration
description: >-
This API updates an existing network configuration for an org using PATCH </br>
Requires security scope of: 'sp:auth-org:update'
This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/>
<br/>
Ensures that the patched Network Config conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or ip subnet mask.
2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters.
A list of auth org network configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Network Config conforms to certain logical
guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/whitelisted"
@@ -92,21 +97,21 @@ patch:
path: "/geolocation"
value: ["AF", "HN", "ES"]
responses:
'200':
"200":
description: Updated Auth Org network configuration.
content:
application/json:
schema:
$ref: '../schemas/NetworkConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NetworkConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
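Review bot: In the patch description the lines `This API updates an existing network configuration for an org using PATCH` and `Requires security scope of: 'sp:auth-org:update'` sit in a folded `>-` scalar with the `</br>` gone and no full stop between them, so unless a blank line separates them (blank lines are not visible in this rendering) they render as one run-on sentence and the scope requirement is easy to miss. End the first sentence with a period, as the get and post descriptions do, or keep a blank line between the two. The lockout and session patch descriptions have the same wording. The numbered constraint lists may fold the same way if they are not indented deeper than the surrounding text, so the rendered output is worth checking.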


@@ -4,27 +4,27 @@ get:
- Auth Org Configuration
summary: Get Service Provider Configuration.
description: >-
This API returns the details of an org's service provider auth configuration. </br>
Requires security scope of: 'sp:auth-org:read'
This API returns the details of an org's service provider auth
configuration. Requires security scope of: 'sp:auth-org:read'
responses:
'200':
"200":
description: Service provider configuration for the tenant.
content:
application/json:
schema:
$ref: '../schemas/ServiceProviderConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/ServiceProviderConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
patch:
@@ -33,63 +33,73 @@ patch:
- Auth Org Configuration
summary: Update Service Provider Configuration
description: >-
This API updates an existing service provider configuration for an org using PATCH. </br>
Requires security scope of: 'sp:auth-org:update'
This API updates an existing service provider configuration for an org using
PATCH. Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/>
<br/>
Note:<br/>
/federationProtocolDetails/0 is IdpDetails<br/>
/federationProtocolDetails/1 is SpDetails<br/>
<br/>
Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:
1. Do not add or remove any elements in the federation protocol details in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.
A list of auth org service provider configuration update operations
according to the [JSON Patch](https://tools.ietf.org/html/rfc6902)
standard.
Note: /federationProtocolDetails/0 is IdpDetails
/federationProtocolDetails/1 is SpDetails
Ensures that the patched ServiceProviderConfig conforms to certain logical
guidelines, which are:
1. Do not add or remove any elements in the federation protocol details
in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in
the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables
Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the
IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid.
Just in time configuration update must be valid when enabled. This includes:
Just in time configuration update must be valid when enabled. This
includes:
- A Source ID
- Source attribute mappings
- Source attribute maps have all the required key values (firstName, lastName, email)
- Source attribute maps have all the required key values (firstName,
lastName, email)
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/enabled"
value: true,
- op: "add"
path: "/federationProtocolDetails/0/jitConfiguration"
value: {
"enabled": true,
"sourceId": "2c9180857377ed2901739c12a2da5ac8",
"sourceAttributeMappings": {
"firstName": "okta.firstName",
"lastName": "okta.lastName",
"email": "okta.email",
"employeeNumber": "okta.employeeNumber"
value:
{
"enabled": true,
"sourceId": "2c9180857377ed2901739c12a2da5ac8",
"sourceAttributeMappings":
{
"firstName": "okta.firstName",
"lastName": "okta.lastName",
"email": "okta.email",
"employeeNumber": "okta.employeeNumber",
},
}
}
responses:
'200':
"200":
description: Auth Org Service Provider configuration updated.
content:
application/json:
schema:
$ref: '../schemas/ServiceProviderConfiguration.yaml'
'400':
$ref: "../schemas/ServiceProviderConfiguration.yaml"
"400":
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
$ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples:
400.1 Bad Request Content:
description: Response for bad request content
@@ -109,15 +119,15 @@ patch:
- locale: en
localeOrigin: REQUEST
text: JIT source id is invalid.
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
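Review bot: The first patch example item carries `value: true,` with a trailing comma, which YAML reads as the plain string `true,` rather than the boolean that the `/enabled` path presumably expects; it should be `value: true`. The line is unchanged context, but the reformatting rewrote the flow mapping right below it and left this one as is, so the published example still shows a string being sent for `/enabled`. The `jitConfiguration` value would also read more clearly as a block mapping than as a JSON-style flow mapping with trailing commas.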


@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org session configuration.
description: >-
This API returns the details of an org's session auth configuration. </br>
This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
'200':
"200":
description: Session configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: '../schemas/SessionConfiguration.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/SessionConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration
summary: Create the org's auth org session configuration.
description: >-
This API returns the details of an org's session auth configuration. </br>
This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Session configuration creation request body. </br>
</br>
The following constraints ensure the request body conforms to certain logical guidelines, which are:
Session configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
content:
application/json:
schema:
$ref: '../schemas/SessionConfiguration.yaml'
$ref: "../schemas/SessionConfiguration.yaml"
responses:
'200':
"200":
description: Session configuration for the tenant.
content:
application/json:
schema:
$ref: '../schemas/SessionConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/SessionConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org session configuration
description: >-
This API updates an existing session configuration for an org using PATCH </br>
Requires security scope of: 'sp:auth-org:update'
This API updates an existing session configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/>
<br/>
Ensures that the patched Session Config conforms to certain logical guidelines, which are:
A list of auth org session configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Session Config conforms to certain logical
guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
@@ -85,7 +86,7 @@ patch:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/rememberMe"
@@ -94,21 +95,21 @@ patch:
path: "/maxSessionTime"
value: 480
responses:
'200':
"200":
description: Updated Auth Org session configuration.
content:
application/json:
schema:
$ref: '../schemas/SessionConfiguration.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/SessionConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]


@@ -4,34 +4,40 @@ post:
- Auth MFA
summary: Confirm a user's registration for MFA
description: >-
For a user who is not currently registered for MFA and who has just scanned the QR code containing the TOTP URL provided by the /generate-secret </br>
endpoint, confirms registration for MFA by validating a new TOTP code generated by the authenticator used to scan the QR code containing the TOTP URL.</br>
</br>
Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special </br>
MFA token for calling this endpoint. </br>
</br>
While no specific right is required for a user to confirm registration, it is expected that the caller first make a request to the /generate-secret </br>
endpoint so that a TOTP secret exists as a basis for registration confirmation. It is also assumed that the caller has previously verified that the user is </br>
associated with an auth profile that has MFA enabled.
For a user who is not currently registered for MFA and who has just scanned
the QR code containing the TOTP URL provided by the /generate-secret
endpoint, confirms registration for MFA by validating a new TOTP code
generated by the authenticator used to scan the QR code containing the TOTP
URL.
Request requires a unique header as proof of partial authentication. This
header is called 'slpt-auth-mfa', and it must contain a special MFA token
for calling this endpoint.
While no specific right is required for a user to confirm registration, it
is expected that the caller first make a request to the /generate-secret
endpoint so that a TOTP secret exists as a basis for registration
confirmation. It is also assumed that the caller has previously verified
that the user is associated with an auth profile that has MFA enabled.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
$ref: '../../schemas/TotpCodeRequest.yaml'
$ref: "../../schemas/TotpCodeRequest.yaml"
responses:
'200':
"200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
$ref: '../../schemas/MfaVerificationResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/MfaVerificationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
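Review bot: The description makes the `slpt-auth-mfa` header mandatory as proof of partial authentication, yet the operation as shown (it ends at the `"500"` response) declares neither a header parameter nor a `security` requirement for it. Clients generated from the spec will therefore omit the MFA token, and spec-driven request validation cannot reject calls that lack it. Consider declaring it, for example as a required `in: header` parameter named `slpt-auth-mfa`, or as an apiKey-style security scheme if the root document (not visible here) defines one. The generate-secret and TOTP-verify operations further down describe the same header in prose only.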


@@ -4,41 +4,46 @@ post:
- Auth MFA
summary: Generate a special token for calling sp-mfa /totp/** APIs
description: >-
Generates an MFA token and establishes an unverified MFA-on-login context state. </br>
Callable by either an internal service or an authenticated user. </br>
</br>
When called by an internal service, the calling service must present the target user's external id as the <code>requestedFor</code> value. </br>
</br>
When called by an authenticated user, the proxying service must present "me" as the the <code>requestedFor</code> value. </br>
</br>
The following rights are required to access this endpoint: <code>sp:mfa-token-all:create</code>, <code>sp:mfa-token-self:create</code> </br>
</br>
If an external id is presented as the request body's <code>requestedFor</code> value, the caller must possess the <code>sp:mfa-token-all:create</code> right. </br>
</br>
This implies that an internal service is obtaining an MFA token on behalf of a user.
Generates an MFA token and establishes an unverified MFA-on-login context
state. Callable by either an internal service or an authenticated user.
When called by an internal service, the calling service must present the
target user's external id as the requestedFor value.
When called by an authenticated user, the proxying service must present "me"
as the the requestedFor value.
The following rights are required to access this endpoint:
sp:mfa-token-all:create, sp:mfa-token-self:create
If an external id is presented as the request body's requestedFor value, the
caller must possess the sp:mfa-token-all:create right.
This implies that an internal service is obtaining an MFA token on behalf of
a user.
requestBody:
description: Request body containing <code>requestedFor</code> value.
description: Request body containing requestedFor value.
required: true
content:
application/json:
schema:
$ref: '../../schemas/GetMfaTokenRequest.yaml'
$ref: "../../schemas/GetMfaTokenRequest.yaml"
responses:
'200':
"200":
description: Response containing an MFA Token.
content:
application/json:
schema:
$ref: '../../schemas/GetMfaTokenResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/GetMfaTokenResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
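Review bot: The rights sentence now reads `The following rights are required to access this endpoint: sp:mfa-token-all:create, sp:mfa-token-self:create`, which says both rights are needed, while the next sentence ties `sp:mfa-token-all:create` only to the external-id case. If either right suffices (presumably the self right when `requestedFor` is "me"), say so explicitly, e.g. `One of the following rights is required to access this endpoint:`. With the `<code>` markup removed, `requestedFor` and the right names are no longer set off from the prose; Markdown backticks would keep them distinct. The rewrapped line `as the the requestedFor value.` still carries the doubled "the".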


@@ -2,27 +2,34 @@ post:
operationId: authMfaGenerateSecret
tags:
- Auth MFA
summary: Generate a TOTP secret embedded within a TOTP link for use with an authenticator
summary:
Generate a TOTP secret embedded within a TOTP link for use with an
authenticator
description: >-
For a user who is not currently registered for MFA, generates a secret to share with the user's chosen authenticator app. </br>
</br>
Request requires a unique header as proof of partial authentication called 'slpt-auth-mfa', and it must contain a special </br>
MFA token for calling this endpoint. </br>
</br>
While no specific right is required for a user to generate a secret, it is expected that the caller first verify that </br>
the user is associated with an auth profile that has MFA enabled. </br>
For a user who is not currently registered for MFA, generates a secret to
share with the user's chosen authenticator app.
Request requires a unique header as proof of partial authentication called
'slpt-auth-mfa', and it must contain a special MFA token for calling this
endpoint.
While no specific right is required for a user to generate a secret, it is
expected that the caller first verify that the user is associated with an
auth profile that has MFA enabled.
responses:
'200':
description: Response containing user's username, a newly-generated secret, and a TOTP link for a QR code generator to use.
"200":
description:
Response containing user's username, a newly-generated secret, and a
TOTP link for a QR code generator to use.
content:
application/json:
schema:
$ref: '../../schemas/GetSecretResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/GetSecretResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -4,37 +4,40 @@ post:
- Auth MFA
summary: Disable a user's registration for MFA
description: >-
Disables a user's registration for MFA. The specified user is tied to the `requestedFor` body param and can either be an external id, </br>
when resetting the registration on someone else's behalf, or "me", when resetting the registration for one's self. </br>
</br>
Either of The following rights is necessary to access this endpoint: </br>
<ul>
<li><code>sp:mfa-login-registration-reset-all:execute</code></li>
<li><code>sp:mfa-login-registration-reset-self:execute</code></li>
</ul>
</br>
The first right allows someone else or a system to reset a user's registration for MFA. The second right allows the user to reset his or her own registration for MFA.
Disables a user's registration for MFA. The specified user is tied to the
`requestedFor` body param and can either be an external id, when resetting
the registration on someone else's behalf, or "me", when resetting the
registration for one's self.
Either of The following rights is necessary to access this endpoint:
sp:mfa-login-registration-reset-all:execute
sp:mfa-login-registration-reset-self:execute
The first right allows someone else or a system to reset a user's
registration for MFA. The second right allows the user to reset his or her
own registration for MFA.
requestBody:
description: MFA registration reset request body.
required: true
content:
application/json:
schema:
$ref: '../../schemas/MfaResetRequest.yaml'
$ref: "../../schemas/MfaResetRequest.yaml"
responses:
'200':
"200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
$ref: '../../schemas/MfaRegistrationResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/MfaRegistrationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
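Review bot: With the `<ul>`/`<li>` markup removed, the rights `sp:mfa-login-registration-reset-all:execute` and `sp:mfa-login-registration-reset-self:execute` are left on adjacent lines of a folded `>-` scalar, so they likely render as one space-separated run, and the "first right" / "second right" sentences that follow depend on telling them apart. A Markdown list (`- sp:mfa-login-registration-reset-all:execute`) set off by blank lines, or a literal `|-` scalar for this description, would preserve the separation. The unchanged `"200"` description, `Response indicating that the user is registered for MFA.`, also contradicts the summary `Disable a user's registration for MFA` and looks copied from the registration-check operation.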


@@ -4,11 +4,14 @@ get:
- Auth MFA
summary: Determine whether the user is registered for MFA
description: >-
Gives the caller an indication of whether or not the user associated with the <code>externalId</code> path param is registered for MFA. </br>
</br>
The following right is necessary to access this endpoint: <code>sp:mfa-login-registration:read</code>. </br>
</br>
It is also assumed that the caller has previously verified that the user is associated with an auth profile that has MFA enabled.
Gives the caller an indication of whether or not the user associated with
the externalId path param is registered for MFA.
The following right is necessary to access this endpoint:
sp:mfa-login-registration:read.
It is also assumed that the caller has previously verified that the user is
associated with an auth profile that has MFA enabled.
parameters:
- in: path
name: externalId
@@ -18,17 +21,17 @@ get:
description: The user's external ID
example: 2c9180867b50d088017b554662fb281e
responses:
'200':
"200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
$ref: '../../schemas/MfaRegistrationResponse.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/MfaRegistrationResponse.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -4,32 +4,36 @@ post:
- Auth MFA
summary: Validate a TOTP code generated by a user's authenticator
description: >-
For a user who is registered for MFA, validates a TOTP code generated by the user's authenticator. </br>
</br>
Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special </br>
MFA token for calling this endpoint. </br>
</br>
While no specific right is required for a user to have a TOTP code verified, it is assumed that the caller has previously verified that the user is </br>
associated with an auth profile that has MFA enabled and that the user has already registered an authenticator for multi-factor authentication.
For a user who is registered for MFA, validates a TOTP code generated by the
user's authenticator.
Request requires a unique header as proof of partial authentication. This
header is called 'slpt-auth-mfa', and it must contain a special MFA token
for calling this endpoint.
While no specific right is required for a user to have a TOTP code verified,
it is assumed that the caller has previously verified that the user is
associated with an auth profile that has MFA enabled and that the user has
already registered an authenticator for multi-factor authentication.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
$ref: '../../schemas/TotpCodeRequest.yaml'
$ref: "../../schemas/TotpCodeRequest.yaml"
responses:
'200':
"200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
$ref: '../../schemas/MfaVerificationResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/MfaVerificationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
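Review bot: The `slpt-auth-mfa` header that the description calls mandatory is documented only in prose; no `parameters` or `security` entry for it is visible between `description` and `requestBody` in this section, so generated clients and gateway validators will not know to send or require it. If it is not declared elsewhere in the file, declare it as a required header parameter as sketched below. The response list also has no `"401"` entry although a missing or expired MFA token is an authentication failure; a `"401"` response pointing at `"../../../v3/responses/401.yaml"` would match the sibling MFA operations. The operation may continue outside this hunk, so confirm that neither is already present further down.

```yaml
  # … unchanged: operationId, tags, summary, description …
  parameters:
    - in: header
      name: slpt-auth-mfa
      required: true
      schema:
        type: string
      description: MFA token proving partial authentication.
  # … unchanged: requestBody, responses …
```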


@@ -10,10 +10,10 @@ post:
The number of entitlements to update is limited to 50 items maximum.
The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/>
allowed operations :<br/>
**{ "op": "replace", "path": "/privileged", "value": boolean }** <br/>
**{ "op": "replace", "path": "/requestable","value": boolean }** <br/>
The JsonPatch update follows the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations :
**{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op":
"replace", "path": "/requestable","value": boolean }**
A token with ORG_ADMIN or API authority is required to call this API.
@@ -22,17 +22,17 @@ post:
content:
application/json:
schema:
$ref: '../schemas/EntitlementBulkUpdateRequest.yaml'
$ref: "../schemas/EntitlementBulkUpdateRequest.yaml"
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"204":
$ref: "../../v3/responses/204.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
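Review bot: The reflowed description now runs the two allowed patch operations together (`**{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op":` on one line), because the `<br/>` breaks were dropped and line folding joins adjacent lines into a single paragraph. For an endpoint that bulk-changes the `privileged` flag, the allowed operations should stay readable as a list: separate the entries with blank lines, or use a literal block (`description: |-`) with one `- ` item per operation. The same collapse is visible in the numbered lists of the two summary operations ("1. … 2. …" now inline), in the `filters` descriptions where the operator and `*Example:*` share a line, and in the Non-Employee Source patch description. The description starts above this hunk, so its scalar style needs checking there.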


@@ -4,8 +4,9 @@ get:
- MFA Configuration
summary: Test configuration of a MFA method
description: >-
This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.
</br>
This API validates that the configuration is valid and will properly
authenticate with the MFA provider identified by the method path parameter.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:read]
@@ -18,27 +19,23 @@ get:
required: true
description: >-
The name of the MFA method.
</br>
The currently supported method name is okta-verify.
responses:
'200':
"200":
description: The result of configuration test for the MFA provider.
content:
application/json:
schema:
$ref: '../schemas/MfaConfigTestResponse.yaml'
example:
{
"state": "SUCCESS",
"error": null
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/MfaConfigTestResponse.yaml"
example: { "state": "SUCCESS", "error": null }
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"


@@ -5,7 +5,7 @@ get:
summary: Get configuration of a MFA method
description: >-
This API returns the configuration of a given MFA method.
</br>
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:read]
@@ -18,32 +18,32 @@ get:
required: true
description: >-
The name of the MFA method.
</br>
The currently supported method name is okta-verify.
responses:
'200':
"200":
description: MFA configuration of a given method.
content:
application/json:
schema:
$ref: '../schemas/MfaConfig.yaml'
$ref: "../schemas/MfaConfig.yaml"
example:
{
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email"
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email",
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
put:
operationId: setMFAConfig
@@ -52,7 +52,7 @@ put:
summary: Set configuration of a MFA method
description: >-
This API sets the configuration of a given MFA method.
</br>
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:write]
@@ -65,42 +65,42 @@ put:
required: true
description: >-
The name of the MFA method.
</br>
The currently supported method name is okta-verify.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/MfaConfig.yaml'
$ref: "../schemas/MfaConfig.yaml"
example:
{
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email"
}
{
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email",
}
responses:
'200':
"200":
description: MFA configuration of a given method.
content:
application/json:
schema:
$ref: '../schemas/MfaConfig.yaml'
$ref: "../schemas/MfaConfig.yaml"
example:
{
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email"
"enabled": true,
"host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email",
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
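Review bot: All three `example` blocks carry `"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y"`, a high-entropy string that cannot be told apart from a live credential; secret scanners will flag it and readers cannot know whether it was ever valid. Replace it with an obvious placeholder such as `"accessKey": "<example-access-key>"` in the GET response, the PUT request body and the PUT response. The GET example also implies the key is returned in clear text to any caller holding `idn:mfa-config:read`; if that is not intended, `accessKey` should be marked `writeOnly: true` in `MfaConfig.yaml`, which is not visible here. If the value was copied from a real tenant, rotate it.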


@@ -14,21 +14,23 @@ get:
schema:
type: string
description: >-
The identity for whom the request was made. *me* indicates the current user.
The identity for whom the request was made. *me* indicates the current
user.
required: false
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
example: "filters=approvalStatus eq 'PENDING'"
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**approvalStatus**: *eq* <br/><br/>
*Example:* approvalStatus eq "PENDING"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
- in: query
example: "sorters=-created"
name: sorters
@@ -36,25 +38,27 @@ get:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
'200':
"200":
description: List of approval items.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/NonEmployeeApprovalItem.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeApprovalItem.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
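Review bot: The `filters` and `sorters` examples include the parameter name itself (`example: "filters=approvalStatus eq 'PENDING'"`, `example: "sorters=-created"`), so documentation tools and generated requests will produce `filters=filters=…`. The filter example also uses single quotes while the description shows `approvalStatus eq "PENDING"`. Use the bare value in both places: `example: 'approvalStatus eq "PENDING"'` and `example: "-created"`.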


@@ -6,10 +6,13 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: >-
This request will retrieve a summary of non-employee approval requests.<br><br>
There are two contextual uses for the `requested-for` path parameter:<br>
1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.<br>
2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.
This request will retrieve a summary of non-employee approval requests.
There are two contextual uses for the `requested-for` path parameter: 1. The
current user is the Org Admin, in which case he or she may request a summary
of all non-employee approval requests assigned to a particular approver by
passing in that approver's id. 2. The current user is an approver, in which
case "me" should be provided as the `requested-for` value. This will provide
the approver with a summary of the approval items assigned to him or her.
parameters:
- in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
@@ -17,22 +20,23 @@ get:
schema:
type: string
description: >-
The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
The identity (UUID) of the approver for whom for whom the summary is
being retrieved. Use "me" instead to indicate the current user.
required: true
responses:
'200':
"200":
description: summary of non-employee approval requests
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeApprovalSummary.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeApprovalSummary.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
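Review bot: The description says an approver should pass "me" and only the Org Admin passes another approver's id, but it does not state what a non-admin caller gets when supplying someone else's UUID. State the enforced behaviour next to the `requested-for` parameter, for example `Callers without Org Admin authority receive 403 for any value other than "me".`, with the wording confirmed against the implementation. The parameter description also repeats "for whom for whom".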


@@ -11,31 +11,31 @@ post:
Request will require the following security scope:
'idn:nesr:create'
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeRequestBody.yaml'
$ref: "../schemas/NonEmployeeRequestBody.yaml"
responses:
'200':
"200":
description: Created non-employee record.
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeRecord.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeRecord.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeRecordList
security:
@@ -46,9 +46,9 @@ get:
description: >-
This gets a list of non-employee records.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
required: false
name: sorters
@@ -57,8 +57,12 @@ get:
format: comma-separated
example: accountName,sourceId
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, accountName,
sourceId, manager, firstName, lastName, email, phone, startDate,
endDate, created, modified**
- in: query
name: filters
required: false
@@ -66,26 +70,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**sourceId**: *eq* <br/><br/>
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses:
'200':
"200":
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/NonEmployeeRecord.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeRecord.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"


@@ -6,34 +6,40 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: >-
This request will retrieve a summary of non-employee requests.<br><br>
There are two contextual uses for the `requested-for` path parameter:<br>
1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.<br>
2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.
This request will retrieve a summary of non-employee requests. There are two
contextual uses for the `requested-for` path parameter: 1. The current user
is the Org Admin, in which case he or she may request a summary of all
non-employee approval requests assigned to a particular account manager by
passing in that manager's id. 2. The current user is an account manager, in
which case "me" should be provided as the `requested-for` value. This will
provide the user with a summary of the non-employee requests in the
source(s) he or she manages.
parameters:
- in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
name: requested-for
description: >-
The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
The identity (UUID) of the non-employee account manager for whom the
summary is being retrieved. Use "me" instead to indicate the current
user.
required: true
schema:
type: string
format: uuid (if user is Org Admin)
responses:
'200':
"200":
description: Non-Employee request summary object.
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeRequestSummary.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeRequestSummary.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
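Review bot: `format: uuid (if user is Org Admin)` puts prose into the schema `format` keyword; validators and code generators either ignore the unknown format or treat the whole string as a format name, and "me" is a documented valid value that is not a UUID. Drop the `format` line and keep the condition in the parameter `description`, which already explains the UUID and "me" cases. If stricter validation is wanted, a `oneOf` of a `format: uuid` string and an `enum: [me]` string expresses it.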


@@ -13,20 +13,20 @@ post:
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeRequestBody.yaml'
$ref: "../schemas/NonEmployeeRequestBody.yaml"
responses:
'200':
"200":
description: Non-Employee request creation object
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeRequest.yaml'
'400':
$ref: "../schemas/NonEmployeeRequest.yaml"
"400":
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
$ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples:
400.1 Bad Request Content:
description: Response for bad request content
@@ -45,15 +45,17 @@ post:
messages:
- locale: en
localeOrigin: REQUEST
text: Unable to create Non-Employee because the accountName "existed" is already being used.
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
text:
Unable to create Non-Employee because the accountName
"existed" is already being used.
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeRequestList
security:
@@ -64,9 +66,9 @@ get:
description: >-
This gets a list of non-employee requests.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
name: requested-for
required: true
@@ -74,7 +76,8 @@ get:
type: string
example: me
description: >-
The identity for whom the request was made. *me* indicates the current user.
The identity for whom the request was made. *me* indicates the current
user.
- in: query
name: sorters
required: false
@@ -83,8 +86,12 @@ get:
format: comma-separated
example: approvalStatus,firstName
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created,
approvalStatus, firstName, lastName, email, phone, accountName,
startDate, endDate**
- in: query
name: filters
required: false
@@ -92,26 +99,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**sourceId**: *eq* <br/><br/>
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses:
'200':
"200":
description: List of non-employee request objects.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/NonEmployeeRequest.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeRequest.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"


@@ -17,22 +17,22 @@ get:
schema:
type: string
responses:
'200':
"200":
description: Non-Employee source object.
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeSource.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeSource.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
patch:
operationId: nonEmployeeSourcePatch
security:
@@ -41,8 +41,8 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: >-
patch a non-employee source. (Partial Update) <br/>
Patchable field: **name, description, approvers, accountManagers**
patch a non-employee source. (Partial Update) Patchable field: **name,
description, approvers, accountManagers**
Request will require the following security scope:
@@ -56,38 +56,44 @@ patch:
schema:
type: string
requestBody:
description: A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
description:
A list of non-employee source update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/name"
value: { "new name" }
- op: "replace"
path: "/approvers"
value: [ "2c91809f703bb37a017040a2fe8748c7", "48b1f463c9e8427db5a5071bd81914b8" ]
value:
[
"2c91809f703bb37a017040a2fe8748c7",
"48b1f463c9e8427db5a5071bd81914b8",
]
responses:
'200':
"200":
description: A patched non-employee source object.
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeSource.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeSource.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
delete:
operationId: nonEmployeeSourceDelete
security:
@@ -110,15 +116,15 @@ delete:
schema:
type: string
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"204":
$ref: "../../v3/responses/204.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
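Review bot: In the PATCH request example, `value: { "new name" }` is a YAML flow mapping with the single key "new name" and a null value, not a string, so the rendered example shows an object where the `/name` replacement needs a string. It should read `value: "new name"`. The formatter left it alone because it is syntactically valid, so it needs a manual fix.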


@@ -17,24 +17,24 @@ post:
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeSourceRequestBody.yaml'
$ref: "../schemas/NonEmployeeSourceRequestBody.yaml"
responses:
'200':
"200":
description: Created non-employee source.
content:
application/json:
schema:
$ref: '../schemas/NonEmployeeSourceWithCloudExternalId.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeSourceWithCloudExternalId.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeSourcesList
security:
@@ -45,9 +45,9 @@ get:
description: >-
This gets a list of non-employee sources.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
required: true
name: requested-for
@@ -55,7 +55,8 @@ get:
schema:
type: string
description: >-
The identity for whom the request was made. *me* indicates the current user.
The identity for whom the request was made. *me* indicates the current
user.
- in: query
required: true
name: non-employee-count
@@ -63,7 +64,8 @@ get:
schema:
type: boolean
description: >-
The flag to determine whether return a non-employee count associate with source.
The flag to determine whether return a non-employee count associate with
source.
- in: query
name: sorters
required: false
@@ -72,24 +74,26 @@ get:
format: comma-separated
example: name,created
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created**
responses:
'200':
"200":
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/NonEmployeeSourceWithNECount.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/NonEmployeeSourceWithNECount.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
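Review bot: The `non-employee-count` description, "The flag to determine whether return a non-employee count associate with source.", is ungrammatical and does not say what each value does. Suggested text: `Whether to include the number of non-employees associated with each source in the response.` The parameter is also `required: true` for a boolean flag; if the server has a default, making it optional and documenting that default would be clearer.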


@@ -4,14 +4,13 @@ delete:
- Personal Access Tokens
summary: Delete Personal Access Token
description: >-
This deletes a personal access token </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:delete</li>
<li>idn:all-personal-access-tokens:delete</li>
<li>idn:managed-personal-access-tokens:delete</li>
</ul>
This deletes a personal access token
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:delete
idn:all-personal-access-tokens:delete
idn:managed-personal-access-tokens:delete
parameters:
- in: path
name: id
@@ -21,17 +20,17 @@ delete:
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
"204":
description: No content.
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"


@@ -4,87 +4,92 @@ get:
- Personal Access Tokens
summary: List Personal Access Tokens
description: >-
This gets a collection of personal access tokens associated with the optional <code>owner-id</code>. </br>
query parameter. If the <code>owner-id</code> query parameter is omitted, all personal access tokens </br>
for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:read</li>
<li>idn:all-personal-access-tokens:read</li>
<li>idn:managed-personal-access-tokens:read</li>
</ul>
This gets a collection of personal access tokens associated with the
optional owner-id. query parameter. If the owner-id query parameter is
omitted, all personal access tokens
for a tenant will be retrieved, but the caller must have the
'idn:all-personal-access-tokens:read' right.
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:read
idn:all-personal-access-tokens:read
idn:managed-personal-access-tokens:read
parameters:
- in: query
name: owner-id
description: >-
The identity ID of the owner whose personal access tokens should be listed. </br>
If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'</br>
</br>
If an actual owner ID or if the <code>owner-id</code> parameter is omitted in the request, </br>
the caller should have the following right: 'idn:all-personal-access-tokens:read'. </br>
</br>
If the caller has the following right, then managed personal access tokens associated with <code>owner-id</code> </br>
will be retrieved: 'idn:managed-personal-access-tokens:read'
The identity ID of the owner whose personal access tokens should be
listed. If "me", the caller should have the following right:
'idn:my-personal-access-tokens:read'
If an actual owner ID or if the owner-id parameter is omitted in the
request, the caller should have the following right:
'idn:all-personal-access-tokens:read'.
If the caller has the following right, then managed personal access
tokens associated with owner-id will be retrieved:
'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
responses:
'200':
"200":
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/GetPersonalAccessTokenResponse.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
post:
operationId: createPersonalAccessToken
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: >-
This creates a personal access token. </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:create</li>
<li>idn:all-personal-access-tokens:create</li>
<li>idn:managed-personal-access-tokens:create</li>
</ul>
This creates a personal access token.
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:create
idn:all-personal-access-tokens:create
idn:managed-personal-access-tokens:create
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
$ref: '../schemas/CreatePersonalAccessTokenRequest.yaml'
$ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses:
'200':
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
"200":
description:
Created. Note - this is the only time Personal Access Tokens' secret
attribute will be displayed.
content:
application/json:
schema:
$ref: '../schemas/CreatePersonalAccessTokenResponse.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
$ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
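Review bot: The reflowed list description still reads "optional owner-id. query parameter": the period that sat before the removed `</br>` now splits the sentence, which should end `optional owner-id query parameter.`. In the `owner-id` parameter description, the three authorization cases ("me", an explicit or omitted owner, managed tokens) now run together in one folded paragraph. "If an actual owner ID or if the owner-id parameter is omitted" also does not parse. A `|-` scalar with one bullet per case, or a blank line between the cases, would keep it clear which right each value requires, in particular that omitting `owner-id` returns every token in the tenant and needs 'idn:all-personal-access-tokens:read'.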


@@ -15,23 +15,23 @@ post:
content:
application/json:
schema:
$ref: '../schemas/sod/models/Exception.yaml'
$ref: "../schemas/sod/models/Exception.yaml"
examples:
Exception created:
$ref: '../schemas/sod/examples/exception-body.yaml'
$ref: "../schemas/sod/examples/exception-body.yaml"
responses:
'201':
$ref: '../schemas/sod/responses/201.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"201":
$ref: "../schemas/sod/responses/201.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get:
operationId: listSodExceptions
tags:
@@ -45,23 +45,23 @@ get:
A token with API authority is required to call this API.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in* <br/>
**sodPolicy.id**: *eq, in* <br/>
**identity.id**: *eq, in*
**id**: *eq, in* **sodPolicy.id**: *eq, in* **identity.id**: *eq, in*
example: identity.id eq "bc693f07e7b645539626c25954c58554"
required: false
- in: query
@@ -70,7 +70,9 @@ get:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields:
@@ -80,15 +82,15 @@ get:
example: identity.id,-start
required: false
responses:
'200':
$ref: '../schemas/sod/responses/200-list.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"200":
$ref: "../schemas/sod/responses/200-list.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"


@@ -6,7 +6,9 @@ post:
# security:
# - oauth2: [ORG_ADMIN]
description: >-
This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy
This creates both General and Conflicting Access Based policy, with a limit
of 50 entitlements for each (left & right) criteria for Conflicting Access
Based SOD policy
Requires role of ORG_ADMIN
requestBody:
@@ -14,75 +16,86 @@ post:
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
$ref: "../schemas/SodPolicy.yaml"
examples:
Conflicting Access Based Policy:
value:
{
"name": "Conflicting-Policy-Name",
"description": "This policy ensures compliance of xyz",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"ownerRef":
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"name": "Owner Name",
},
"externalPolicyReference": "XYZ policy",
"compensatingControls":
'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED",
"tags": ["string"],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig":
{
"assignmentRule": "MANAGER",
"ownerRef":
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name",
},
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
"conflictingAccessCriteria":
{
"leftCriteria":
{
"name": "money-in",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
},
],
},
"rightCriteria":
{
"name": "money-out",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69",
},
],
},
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
General Policy:
value:
{
"description": "Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"ownerRef":
{
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name",
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
@@ -93,15 +106,15 @@ post:
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"name": "General-Policy-Name"
"name": "General-Policy-Name",
}
responses:
'201':
"201":
description: SOD policy created
content:
application/json:
schema:
$ref: '../schemas/SodPolicy.yaml'
$ref: "../schemas/SodPolicy.yaml"
examples:
Conflicting Access Based Policy:
value:
@@ -111,69 +124,84 @@ post:
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"ownerRef":
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"name": "Owner Name",
},
"externalPolicyReference": "XYZ policy",
"policyQuery":
"@access(id:2c9180866166b5b0016167c32ef31a66 OR
id:2c9180866166b5b0016167c32ef31a67) AND
@access(id:2c9180866166b5b0016167c32ef31a68 OR
id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls":
'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED",
"tags": ["string"],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig":
{
"assignmentRule": "MANAGER",
"ownerRef":
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name",
},
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
"conflictingAccessCriteria":
{
"leftCriteria":
{
"name": "money-in",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
},
],
},
"rightCriteria":
{
"name": "money-out",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69",
},
],
},
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
}
General Policy:
value:
{
"description": "Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
},
"ownerRef":
{
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name",
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
@@ -189,18 +217,18 @@ post:
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
"modified": "2020-05-12T19:47:38Z",
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get:
operationId: listSodPolicies
tags:
@@ -213,128 +241,143 @@ get:
Requires role of ORG_ADMIN
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- $ref: "../../v3/parameters/limit.yaml"
- $ref: "../../v3/parameters/offset.yaml"
- $ref: "../../v3/parameters/count.yaml"
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq* <br/>
**name**: *eq* <br/>
**state**: *eq*
**id**: *eq* **name**: *eq* **state**: *eq*
example: id eq "bc693f07e7b645539626c25954c58554"
required: false
responses:
'200':
"200":
description: List of all SOD Policies.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/SodPolicy.yaml'
$ref: "../schemas/SodPolicy.yaml"
example:
[
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name"
},
"externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
"state": "ENFORCED",
"tags": [
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": {
"assignmentRule": "MANAGER",
"ownerRef": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name"
}
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": {
"leftCriteria": {
"name": "money-in",
"criteriaList": [
{
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Conflicting-Policy-Name",
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
"ownerRef":
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66"
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name",
},
"externalPolicyReference": "XYZ policy",
"policyQuery":
"@access(id:2c9180866166b5b0016167c32ef31a66 OR
id:2c9180866166b5b0016167c32ef31a67) AND
@access(id:2c9180866166b5b0016167c32ef31a68 OR
id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls":
'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED",
"tags": ["string"],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig":
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67"
}
]
},
"rightCriteria": {
"name": "money-out",
"criteriaList": [
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68"
"assignmentRule": "MANAGER",
"ownerRef":
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name",
},
},
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria":
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69"
}
]
}
}
},
{
"description": "Description",
"ownerRef": {
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name"
"leftCriteria":
{
"name": "money-in",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67",
},
],
},
"rightCriteria":
{
"name": "money-out",
"criteriaList":
[
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68",
},
{
"type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69",
},
],
},
},
},
{
"description": "Description",
"ownerRef":
{
"type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name",
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z",
},
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
"correctionAdvice": "Correction advice",
"tags": [],
"state": "ENFORCED",
"scheduled": false,
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
"type": "GENERAL",
"conflictingAccessCriteria": null,
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z"
}
]
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
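Review bot: The operation's `security` block is still commented out (`# security:` / `# - oauth2: [ORG_ADMIN]`) directly above the description this hunk reflows, so the ORG_ADMIN requirement exists only as the prose line "Requires role of ORG_ADMIN". Tooling that reads the spec (client generators, gateway policy import, spec linters) therefore sees no declared authorization for creating SOD policies, unless a global `security` is set in the root document, which is not visible here. Either restore the block with a scheme the spec actually defines, or replace the dead lines with a comment that says why it is disabled, e.g. `# security not declared here: ORG_ADMIN is a role, not an oauth2 scope; see <tracking issue>`. The hunk starts inside the `post:` operation, so its opening lines are outside this view.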


@@ -4,9 +4,11 @@ get:
- Auth Support Login
summary: Get an access granter support login record by granter tenant
description: >-
Fetch the auth support login record associated with the tenant requesting support (i.e., the tenant requesting support). To be invoked by the authTenant. </br>
</br>
Request will require the following security scope: </br>
Fetch the auth support login record associated with the tenant requesting
support (i.e., the tenant requesting support). To be invoked by the
authTenant.
Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- in: path
@@ -18,19 +20,19 @@ get:
type: string
responses:
'200':
"200":
description: access granter support login response.
content:
application/json:
schema:
$ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
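Review bot: This response map references 400, 401, 403, 404 and 500 but no `"429"`, while the create operation under the same tag and the token and SOD operations in this commit all reference a `429.yaml` response. The list, delete, get, list and patch support-login sections that follow omit it too. If these endpoints are throttled like the others, which the page does not show, add `"429":` with `$ref: "../../../v3/responses/429.yaml"` so clients know to back off. Separately, the parenthetical "(i.e., the tenant requesting support)" repeats the phrase it is meant to explain; `the access granter tenant (i.e., the tenant requesting support)` would say which tenant is meant.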


@@ -4,46 +4,51 @@ get:
- Auth Support Login
summary: List access granter support login records
description: >-
Fetch the list of auth support login records that grant access to the auth tenant (i.e., the tenant providing support). To be invoked by the authTenant.</br>
</br>
Request will require the following security scope: </br>
**sp:auth-support-login:read**
Fetch the list of auth support login records that grant access to the auth
tenant (i.e., the tenant providing support). To be invoked by the
authTenant. Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- $ref: '../../../v3/parameters/limit.yaml'
- $ref: '../../../v3/parameters/offset.yaml'
- $ref: '../../../v3/parameters/count.yaml'
- $ref: "../../../v3/parameters/limit.yaml"
- $ref: "../../../v3/parameters/offset.yaml"
- $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sorting is supported for the following fields: **accessGranterTenant, authUserName, role, expirationDate**
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **accessGranterTenant,
authUserName, role, expirationDate**
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**accessGranterTenant**: *eq, co, sw* <br/><br/>
*Example:* accessGranterTenant eq "acme-solar", accessGranterTenant co "solar"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**accessGranterTenant**: *eq, co, sw* *Example:* accessGranterTenant eq
"acme-solar", accessGranterTenant co "solar"
responses:
'200':
"200":
description: list of access granter support login responses.
content:
application/json:
schema:
type: array
items:
$ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,32 +3,33 @@ tags:
- Auth Support Login
summary: Create auth support login record
description: >-
This request will create an auth support login record allowing the authTenant to be able to login as a support user into the tenant requesting support. </br>
</br>
Request will require the following security scope: </br>
This request will create an auth support login record allowing the authTenant
to be able to login as a support user into the tenant requesting support.
Request will require the following security scope:
**sp:auth-support-login:create**
requestBody:
description: Auth support login creation request body.
required: true
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportLoginRequest.yaml'
$ref: "../../schemas/AuthSupportLoginRequest.yaml"
responses:
'200':
"200":
description: Created auth support login record.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,10 +3,8 @@ tags:
- Auth Support Login
summary: Delete auth support login record by auth tenant
description: >-
This request will delete an auth support login record. <br/>
</br>
Request will require the following security scope: </br>
**sp:auth-support-login:delete**
This request will delete an auth support login record. Request will require
the following security scope: **sp:auth-support-login:delete**
parameters:
- in: path
name: authTenant
@@ -16,15 +14,15 @@ parameters:
schema:
type: string
responses:
'204':
$ref: '../../../v3/responses/204.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
"204":
$ref: "../../../v3/responses/204.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,11 +3,11 @@ tags:
- Auth Support Login
summary: Get auth support login record by auth tenant
description: >-
Fetch an auth support login record by an authorized auth tenant. </br>
</br>
Request will require the following security scope: </br>
Fetch an auth support login record by an authorized auth tenant.
Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- in: path
name: authTenant
@@ -17,19 +17,19 @@ parameters:
schema:
type: string
responses:
'200':
"200":
description: auth support login response.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,45 +3,49 @@ tags:
- Auth Support Login
summary: List auth support login records
description: >-
Fetch list of auth support login records that the tenant has granted access to.</br>
</br>
Request will require the following security scope:</br>
Fetch list of auth support login records that the tenant has granted access
to. Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- $ref: '../../../v3/parameters/limit.yaml'
- $ref: '../../../v3/parameters/offset.yaml'
- $ref: '../../../v3/parameters/count.yaml'
- $ref: "../../../v3/parameters/limit.yaml"
- $ref: "../../../v3/parameters/offset.yaml"
- $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sorting is supported for the following fields: **authTenant, authUserName, role, expirationDate**
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **authTenant, authUserName,
role, expirationDate**
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**authTenant**: *eq, sw* <br/><br/>
*Example:* authTenant eq "sailpoint", accessGranterTenant sw "sail"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint",
accessGranterTenant sw "sail"
responses:
'200':
"200":
description: list of auth support login responses.
content:
application/json:
schema:
type: array
items:
$ref: '../../schemas/AuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
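Review bot: The filter example contradicts the field list beside it: only **authTenant** is listed as filterable (*eq, sw*), yet the example's second clause is `accessGranterTenant sw "sail"`. This looks carried over from the access granter list operation; if so, the example should read `authTenant eq "sailpoint", authTenant sw "sail"`. The reflow also pulls `*Example:*` onto the same line as the operator list now that the `<br/>` breaks are gone, so a blank line before it would keep the two apart.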


@@ -3,11 +3,9 @@ tags:
- Auth Support Login
summary: Patch auth support login record by auth tenant
description: >-
This request will patch an auth support login record. <br/>
Patchable fields: **expirationDate** </br></br>
</br>
Request will require the following security scope: </br>
**sp:auth-support-login:update**
This request will patch an auth support login record. Patchable fields:
**expirationDate** Request will require the following security
scope: **sp:auth-support-login:update**
parameters:
- in: path
name: authTenant
@@ -17,32 +15,34 @@ parameters:
schema:
type: string
requestBody:
description: A list of auth support login update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
description:
A list of auth support login update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../../schemas/JsonPatchOperation.yaml'
$ref: "../../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/expirationDate"
value: "2030-08-23T18:00:00.000Z"
responses:
'200':
"200":
description: Updated auth support login record.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportLoginResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
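Review bot: With the `</br>` tags stripped and the lines reflowed, the folded `description: >-` in the first hunk now reads as one run, "Patchable fields: **expirationDate** Request will require the following security scope: **sp:auth-support-login:update**", with no break or punctuation before the scope requirement. In a folded scalar a paragraph break needs an empty line, so put one before `Patchable fields:` and another before `Request will require the following security scope:` to keep the authorization requirement visible in rendered docs. The description of the "Delete all auth support tenant records for this tenant" operation later in this commit is collapsed the same way.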


@@ -3,9 +3,9 @@ tags:
- Auth Support Login
summary: Get auth support transfer status record by tenant
description: >-
Fetches an auth support transfer status record by tenant. </br>
</br>
This request requires the following security scope: </br>
Fetches an auth support transfer status record by tenant.
This request requires the following security scope:
**sp:auth-support-login-transfer:read**
parameters:
- in: path
@@ -16,19 +16,22 @@ parameters:
schema:
type: string
responses:
'200':
description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet.
"200":
description:
Response containing the name of the tenant associated with an auth support
login access grant and an indication whether that tenant has been
transferred yet.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,10 +3,11 @@ tags:
- Auth Support Login
summary: Transfer auth support login grant
description: >-
Transfers an auth support login access grant for the specified tenant by setting the transferred field in the</br>
tenant's auth support transfer status record to "true" and deleting the tenant's initial auth support login record.</br>
</br>
This request requires the following security scope: </br>
Transfers an auth support login access grant for the specified tenant by
setting the transferred field in the tenant's auth support transfer status
record to "true" and deleting the tenant's initial auth support login record.
This request requires the following security scope:
**sp:auth-support-login-transfer:update**
parameters:
- in: path
@@ -17,21 +18,24 @@ parameters:
schema:
type: string
responses:
'200':
description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet.
"200":
description:
Response containing the name of the tenant associated with an auth support
login access grant and an indication whether that tenant has been
transferred yet.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -4,45 +4,47 @@ get:
- Auth Support Login
summary: List auth support transfer status records
description: >-
Fetches a list of auth support transfer status records that indicate whether an auth support login has been transferred.</br>
</br>
This request requires the following security scope:</br>
**sp:auth-support-login-transfer:read**
Fetches a list of auth support transfer status records that indicate whether
an auth support login has been transferred. This request requires the
following security scope: **sp:auth-support-login-transfer:read**
parameters:
- $ref: '../../../v3/parameters/limit.yaml'
- $ref: '../../../v3/parameters/offset.yaml'
- $ref: '../../../v3/parameters/count.yaml'
- $ref: "../../../v3/parameters/limit.yaml"
- $ref: "../../../v3/parameters/offset.yaml"
- $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **tenant**
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**transferred**: *eq* <br/><br/>
*Example:* transferred eq false, transferred eq 0
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**transferred**: *eq* *Example:* transferred eq false, transferred eq 0
responses:
'200':
"200":
description: list of auth support transfer status responses.
content:
application/json:
schema:
type: array
items:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -4,34 +4,37 @@ post:
- Auth Support Login
summary: Migrate auth support login records
description: >-
Migrates all the auth support login access grants from the specified auth tenant to the new auth tenant in the</br>
request context, resulting in the new auth tenant having possession of all the old auth tenant's auth support</br>
login access grants and the old auth tenant no longer having any more auth support login access grants.</br>
</br>
Because this is a highly privileged operation meant only to be executable by SailPoint DevOps,</br>
this request requires the following security scope: </br>
Migrates all the auth support login access grants from the specified auth
tenant to the new auth tenant in the request context, resulting in the new
auth tenant having possession of all the old auth tenant's auth support
login access grants and the old auth tenant no longer having any more auth
support login access grants.
Because this is a highly privileged operation meant only to be executable by
SailPoint DevOps, this request requires the following security scope:
**sp:auth-support-login-transfer:update**
parameters:
- in: path
name: oldAuthTenant
description: >-
The name of auth tenant whose auth support login access grants will be migrated to the calling auth tenant
The name of auth tenant whose auth support login access grants will be
migrated to the calling auth tenant
example: acme-solar
required: true
schema:
type: string
responses:
'202':
$ref: '../../../v3/responses/202.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
"202":
$ref: "../../../v3/responses/202.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"
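Review bot: The description calls this a highly privileged operation meant only for SailPoint DevOps, yet the scope it names, `sp:auth-support-login-transfer:update`, is the same one documented for the per-tenant "Transfer auth support login grant" operation earlier in this commit. Because the caller names the source tenant in the `oldAuthTenant` path parameter, a client holding that scope for ordinary transfers would, as documented, also satisfy the stated requirement for migrating another tenant's grants. Either document a distinct scope for the migration or state which additional check restricts it to DevOps. The lines shown for this `post` contain no `security:` key (the first three lines of the file are outside the hunk), so the requirement appears to live only in free text; an operation-level `security` requirement listing the scope would carry it into generated docs and clients.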


@@ -3,36 +3,38 @@ tags:
- Auth Support Login
summary: Create auth support tenant record
description: >-
This request will create an auth support tenant record for the tenant making the call, making that tenant the auth
tenant in the new record. This new record will function as a prerequisite metadata reference for when a target tenant
attempts to create an auth support login record that grants access to a particular auth tenant.
Thus, a target tenant must name an auth tenant that exists within an auth support tenant record in order to
successfully create an auth support login record.</br>
</br>
Request will require the following security scope: </br>
This request will create an auth support tenant record for the tenant making
the call, making that tenant the auth tenant in the new record. This new
record will function as a prerequisite metadata reference for when a target
tenant attempts to create an auth support login record that grants access to a
particular auth tenant. Thus, a target tenant must name an auth tenant that
exists within an auth support tenant record in order to successfully create an
auth support login record.
Request will require the following security scope:
**sp:auth-support-login:create**
requestBody:
description: Auth support tenant creation request body.
required: true
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportTenantRequest.yaml'
$ref: "../../schemas/AuthSupportTenantRequest.yaml"
responses:
'200':
"200":
description: Created auth support tenant record.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportTenantResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportTenantResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,18 +3,17 @@ tags:
- Auth Support Login
summary: Delete all auth support tenant records for this tenant
description: >-
This request will delete all auth support tenant records related to the requesting tenant. <br/>
</br>
Request will require the following security scope: </br>
**sp:auth-support-login:delete**
This request will delete all auth support tenant records related to the
requesting tenant. Request will require the following security scope:
**sp:auth-support-login:delete**
responses:
'204':
$ref: '../../../v3/responses/204.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'404':
$ref: '../../../v3/responses/404.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
"204":
$ref: "../../../v3/responses/204.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -3,45 +3,48 @@ tags:
- Auth Support Login
summary: List auth support tenant records
description: >-
Fetch list of auth support tenant records that can be used as authTenant.</br>
</br>
Request will require the following security scope:</br>
Fetch list of auth support tenant records that can be used as authTenant.
Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- $ref: '../../../v3/parameters/limit.yaml'
- $ref: '../../../v3/parameters/offset.yaml'
- $ref: '../../../v3/parameters/count.yaml'
- $ref: "../../../v3/parameters/limit.yaml"
- $ref: "../../../v3/parameters/offset.yaml"
- $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/>
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **authTenant**
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**authTenant**: *eq, sw* <br/><br/>
*Example:* authTenant eq "sailpoint", authTenant sw "sail"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint", authTenant
sw "sail"
responses:
'200':
"200":
description: list of auth support tenant responses.
content:
application/json:
schema:
type: array
items:
$ref: '../../schemas/AuthSupportTenantResponse.yaml'
'400':
$ref: '../../../v3/responses/400.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportTenantResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -4,22 +4,26 @@ get:
- Auth Support Login
summary: Get a user's eligibility for support and services login
description: >-
Fetch the auth support tenant record(s) associated with this user's tenant and check to see if the user belongs </br>
to any access roles allowed for performing support and services login </br>
</br>
Request requires an authenticated user, but no specific scope is required for analysis of user eligibility.
Fetch the auth support tenant record(s) associated with this user's tenant
and check to see if the user belongs to any access roles allowed for
performing support and services login
Request requires an authenticated user, but no specific scope is required
for analysis of user eligibility.
responses:
'200':
description: Response containing a determination of whether or not the logged-in user is eligible to provide support to customers.
"200":
description:
Response containing a determination of whether or not the logged-in user
is eligible to provide support to customers.
content:
application/json:
schema:
$ref: '../../schemas/AuthSupportUserEligibilityResponse.yaml'
'401':
$ref: '../../../v3/responses/401.yaml'
'403':
$ref: '../../../v3/responses/403.yaml'
'429':
$ref: '../../../v3/responses/429.yaml'
'500':
$ref: '../../../v3/responses/500.yaml'
$ref: "../../schemas/AuthSupportUserEligibilityResponse.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"


@@ -22,16 +22,18 @@ properties:
example: "en"
subject:
type: string
example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}."
example:
"You have $numberOfPendingTasks $taskTasks to complete in
${__global.productName}."
header:
type: string
example: "Dear $__recipient.name,<br/>"
example: "Dear $__recipient.name,"
body:
type: string
example: "Please go to the task manager"
footer:
type: string
example: "<br/>Thanks,<br/> The $__global.productName Team<br/>"
example: "Thanks, The $__global.productName Team"
from:
type: string
example: "$__global.emailFromAddress"
@@ -40,7 +42,8 @@ properties:
example: "$__global.emailFromAddress"
description:
type: string
example: "Daily digest - sent if number of outstanding tasks for task owner > 0"
example:
"Daily digest - sent if number of outstanding tasks for task owner > 0"
id:
type: string
example: "c17bea3a-574d-453c-9e04-4365fbf5af0b"
@@ -53,9 +56,10 @@ properties:
modified:
type: string
format: date-time
description: The time when this template was last modified. This is auto-generated.
description:
The time when this template was last modified. This is auto-generated.
example: "2020-01-01T00:00:00.000000Z"
required:
- key
- medium
- locale
- locale
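Review bot: The `header` and `footer` examples are sample template content rather than documentation prose, and this change rewrites them: `"Dear $__recipient.name,<br/>"` becomes `"Dear $__recipient.name,"` and the footer loses all three `<br/>` breaks. That looks like a side effect of the automated tag clean-up applied to the descriptions, and it changes the example data a reader would copy into a template. Unless the markup was wrong to begin with, keep the original strings, e.g. `example: "Dear $__recipient.name,<br/>"`. The second template schema in the next file section carries the same two changes. The repeated `- locale` at the end is presumably an end-of-file newline change shown as old and new, not a duplicate list entry.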


@@ -22,16 +22,18 @@ properties:
example: "en"
subject:
type: string
example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}."
example:
"You have $numberOfPendingTasks $taskTasks to complete in
${__global.productName}."
header:
type: string
example: "Dear $__recipient.name,<br/>"
example: "Dear $__recipient.name,"
body:
type: string
example: "Please go to the task manager"
footer:
type: string
example: "<br/>Thanks,<br/> The $__global.productName Team<br/>"
example: "Thanks, The $__global.productName Team"
from:
type: string
example: "$__global.emailFromAddress"
@@ -40,4 +42,5 @@ properties:
example: "$__global.emailFromAddress"
description:
type: string
example: "Daily digest - sent if number of outstanding tasks for task owner > 0"
example:
"Daily digest - sent if number of outstanding tasks for task owner > 0"


@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get List of Non-Employee Approval Requests
description: >-
This gets a list of non-employee approval requests.<br><br>
This gets a list of non-employee approval requests.
There are two contextual uses for this endpoint:<br>
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can list the approvals for any approver.<br>
can list the approvals for any approver.
2. The user owns the requested approval.
parameters:
- in: query
@@ -32,10 +32,9 @@ get:
description: >-
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**approvalStatus**: *eq* <br/><br/> *Example:* approvalStatus eq
"PENDING"
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
example: approvalStatus eq "Pending"
required: false
- in: query
@@ -46,7 +45,7 @@ get:
description: >-
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/>
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, modified**
required: false
example: created
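Review bot: In the second hunk the rewritten `filters` description gives the sample `approvalStatus eq "PENDING"`, while the parameter's own `example:` on the next line is `approvalStatus eq "Pending"`. If the comparison is case-sensitive, one of the two returns no results for a client that copies it. Align them once the accepted casing is confirmed, for instance `example: approvalStatus eq "PENDING"`. The parameter definition continues outside the hunk, so the schema's allowed values are not visible here.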


@@ -6,12 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: >-
This request will retrieve a summary of non-employee approval
requests.<br><br> There are two contextual uses for the `requested-for` path
parameter:<br>
This request will retrieve a summary of non-employee approval requests.
There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to
a particular approver by passing in that approver's id.<br>
a particular approver by passing in that approver's id.
2. The current user is an approver, in which case "me" should be provided
as the `requested-for` value. This will provide the approver with a summary
of the approval items assigned to him or her.


@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail
description: >-
Gets a non-employee approval item detail.<br><br> There are two contextual
uses for this endpoint:<br>
Gets a non-employee approval item detail. There are two contextual uses for
this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can get any approval.<br>
can get any approval.
2. The user owns the requested approval.
parameters:
- in: path


@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Approve a Non-Employee Request
description: >-
Approves a non-employee approval request and notifies the next
approver.<br><br> The current user must be the requested approver.
Approves a non-employee approval request and notifies the next approver. The
current user must be the requested approver.
parameters:
- in: path
name: id


@@ -7,16 +7,16 @@ post:
summary: Fail Bulk Upload
description: |
This API does not stop the job. It flags the job as failed. The job continues to run if it was
running when the API was invoked.<br><br>
running when the API was invoked.
Before you submit this request, verify the transaction is actually failed in Kibana. When
the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed. <br><br>
the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed.
Important: This API does not stop the job, it flags the job as failed. The job continues to run if
the it was running when the API was invoked. If invoked while the transaction is still running,
other jobs are allowed to start but the second job to start will fail. <br><br>
other jobs are allowed to start but the second job to start will fail.
Requires role context of `idn:nesr:update`. <br><br>
Requires role context of `idn:nesr:update`.
This is for internal use only.
parameters:


@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Record
description: >-
This gets a non-employee record.<br><br>
This gets a non-employee record.
Requires role context of `idn:nesr:read`
parameters:
@@ -43,10 +43,10 @@ put:
- Non-Employee Lifecycle Management
summary: Update Non-Employee Record
description: >-
This request will update a non-employee record.<br><br> There are two
contextual uses for this endpoint:<br>
This request will update a non-employee record. There are two contextual
uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.<br>
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
@@ -95,10 +95,10 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch Non-Employee Record
description: >-
This request will patch a non-employee record.<br><br> There are two
contextual uses for this endpoint:<br>
This request will patch a non-employee record. There are two contextual uses
for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.<br>
update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
@@ -154,7 +154,7 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Record
description: >-
This request will delete a non-employee record.<br><br>
This request will delete a non-employee record.
Requires role context of `idn:nesr:delete`
parameters:


@@ -7,8 +7,7 @@ post:
summary: Delete Multiple Non-Employee Records
description: >-
This request will delete multiple non-employee records based on the
non-employee ids provided.<br><br> Requires role context of
`idn:nesr:delete`
non-employee ids provided. Requires role context of `idn:nesr:delete`
requestBody:
description: Non-Employee bulk delete request body.
required: true
@@ -23,7 +22,7 @@ post:
items:
type: string
format: uuid
example:
example:
- 2b838de9-db9b-abcf-e646-d4f274ad4238
- 2d838de9-db9b-abcf-e646-d4f274ad4238
required:


@@ -6,33 +6,33 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Record
description: >-
This request will create a non-employee record.<br><br>
This request will create a non-employee record.
Requires role context of `idn:nesr:create`
Requires role context of `idn:nesr:create`
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeRequestBody.yaml'
$ref: "../schemas/non-employee/NonEmployeeRequestBody.yaml"
responses:
'200':
"200":
description: Created non-employee record.
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeRecord.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
get:
operationId: nonEmployeeRecordList
security:
@@ -41,14 +41,16 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Records
description: >-
This gets a list of non-employee records.<br><br>
There are two contextual uses for this endpoint:<br>
1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.<br>
2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
This gets a list of non-employee records. There are two contextual uses for
this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
can get a list of all of the non-employees.
2. The user is an account manager, in which case they can get a list of
the non-employees that they manage.
parameters:
- $ref: '../parameters/limit.yaml'
- $ref: '../parameters/offset.yaml'
- $ref: '../parameters/count.yaml'
- $ref: "../parameters/limit.yaml"
- $ref: "../parameters/offset.yaml"
- $ref: "../parameters/count.yaml"
- in: query
name: sorters
required: false
@@ -57,8 +59,12 @@ get:
format: comma-separated
example: accountName,sourceId
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/>
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **id, accountName,
sourceId, manager, firstName, lastName, email, phone, startDate,
endDate, created, modified**
- in: query
name: filters
required: false
@@ -66,26 +72,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**sourceId**: *eq* <br/><br/>
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses:
'200':
"200":
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/non-employee/NonEmployeeRecord.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"


@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Reject a Non-Employee Request
description: >-
This endpoint will reject an approval item request and notify user.<br><br>
The current user must be the requested approver.
This endpoint will reject an approval item request and notify user. The
current user must be the requested approver.
parameters:
- in: path
name: id


@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: >-
This request will retrieve a summary of non-employee requests.<br><br> There
are two contextual uses for the `requested-for` path parameter:<br>
This request will retrieve a summary of non-employee requests. There are two
contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to
a particular account manager by passing in that manager's id.<br>
a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
summary of the non-employee requests in the source(s) he or she manages.


@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Request
description: >-
This gets a non-employee request.<br><br>
This gets a non-employee request.
There are two contextual uses for this endpoint:<br>
There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in this case the user
can get the non-employee request for any user.<br>
can get the non-employee request for any user.
2. The user must be the owner of the non-employee request.
parameters:
- in: path
@@ -48,7 +48,7 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Request
description: >-
This request will delete a non-employee request.<br><br>
This request will delete a non-employee request.
Requires role context of `idn:nesr:delete`
parameters:


@@ -6,9 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Request
description: >-
This request will create a non-employee request and notify the
approver.<br><br> Requires role context of `idn:nesr:create` or the user
must own the source.
This request will create a non-employee request and notify the approver.
Requires role context of `idn:nesr:create` or the user must own the source.
requestBody:
description: Non-Employee creation request body
required: true
@@ -66,11 +65,11 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Requests
description: >-
This gets a list of non-employee requests.<br><br> There are two contextual
uses for the `requested-for` path parameter:<br>
This gets a list of non-employee requests. There are two contextual uses for
the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list non-employee requests assigned to a particular
account manager by passing in that manager's id.<br>
account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
list of the non-employee requests in the source(s) he or she manages.
@@ -97,7 +96,7 @@ get:
description: >-
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/>
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created,
approvalStatus, firstName, lastName, email, phone, accountName,
startDate, endDate**
@@ -110,9 +109,9 @@ get:
description: >-
Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/>
Filtering is supported for the following fields and operators:<br/><br/>
**sourceId**: *eq* <br/><br/> *Example:* sourceId eq
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses:
"200":


@@ -7,7 +7,7 @@ post:
summary: Aggregate all accounts for a Non-Employee Source
description: >-
This fetches all the non-employee records related to a non-employee source
and publishes an aggregation event for each one.<br><br>
and publishes an aggregation event for each one.
Requires auth scope of 'idn:nesr:create'
parameters:


@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Source
description: >-
This gets a non-employee source.<br><br> There are two contextual uses for
the requested-for path parameter: <br>
This gets a non-employee source. There are two contextual uses for the
requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request any source.<br>
she may request any source.
2. The current user is an account manager, in which case the user can only
request sources that they own.
parameters:
@@ -46,8 +46,8 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: >-
patch a non-employee source. (partial update) <br/> Patchable field: **name,
description, approvers, accountManagers**<br><br> Requires role context of
patch a non-employee source. (partial update) Patchable field: **name,
description, approvers, accountManagers** Requires role context of
`idn:nesr:update`.
parameters:
- in: path
@@ -105,8 +105,8 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Source
description: >-
This request will delete a non-employee source.<br><br> Requires role
context of `idn:nesr:delete`.
This request will delete a non-employee source. Requires role context of
`idn:nesr:delete`.
parameters:
- in: path
name: sourceId


@@ -6,9 +6,9 @@ get:
- Non-Employee Lifecycle Management
summary: Details of bulk upload job on source
description: |
This API returns the details of the newest bulk upload job for the specified source.<br><br>
This API returns the details of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`<br><br>
Requires role context of `idn:nesr:read`
This is for internal use only.
parameters:


@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Imports, or Updates, Non-Employee Records
description: >-
This post will import, or update, Non-Employee records found in the
CSV.<br><br> Requires role context of `idn:nesr:create`
This post will import, or update, Non-Employee records found in the CSV.
Requires role context of `idn:nesr:create`
parameters:
- in: path
name: id


@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management
summary: Obtain the status of bulk upload on the source
description: |
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.<br><br>
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`
parameters:
- in: path


@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management
summary: Exports Non-Employee Records to CSV
description: >-
This requests a CSV download for all non-employees from a provided
source.<br><br> Requires role context of `idn:nesr:read`
This requests a CSV download for all non-employees from a provided source.
Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id


@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management
summary: Exports Source Schema Template
description: >-
This requests a download for the Source Schema Template for a provided source.<br><br>
Requires role context of `idn:nesr:read`
This requests a download for the Source Schema Template for a provided
source. Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
@@ -18,21 +18,21 @@ get:
schema:
type: string
responses:
'200':
"200":
description: Exported Source Schema Template
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"404":
$ref: "../responses/404.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"


@@ -6,8 +6,9 @@ get:
- Non-Employee Lifecycle Management
summary: Get Schema Attribute Non-Employee Source
description: >-
This API gets a schema attribute by Id for the specified Non-Employee SourceId.<br><br>
Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
This API gets a schema attribute by Id for the specified Non-Employee
SourceId. Requires role context of `idn:nesr:read` or the user must be an
account manager of the source.
parameters:
- in: path
name: attributeId
@@ -24,22 +25,22 @@ get:
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
"200":
description: The Schema Attribute
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
patch:
operationId: patchSchemaAttribute
# security:
@@ -48,7 +49,7 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Schema Attribute for Non-Employee Source
description: |
This end-point patches a specific schema attribute for a non-employee SourceId.<br><br>
This end-point patches a specific schema attribute for a non-employee SourceId.
Requires role context of `idn:nesr:update`
parameters:
- in: path
@@ -66,38 +67,41 @@ patch:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'.
description:
A list of schema attribute update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard. The following
properties are allowed for update ':' 'label', 'helpText', 'placeholder',
'required'.
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/label"
value: { "new attribute label" }
required: true
responses:
'200':
"200":
description: The Schema Attribute was successfully patched.
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"404":
$ref: "../responses/404.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
delete:
operationId: deleteSchemaAttribute
# security:
@@ -105,8 +109,8 @@ delete:
tags:
- Non-Employee Lifecycle Management
summary: Delete a Schema Attribute for Non-Employee Source
description: |
This end-point deletes a specific schema attribute for a non-employee source.<br><br>
description: |
This end-point deletes a specific schema attribute for a non-employee source.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
@@ -124,16 +128,16 @@ delete:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
$ref: '../responses/204.yaml'
"204":
$ref: "../responses/204.yaml"
description: The Schema Attribute was successfully deleted.
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
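Review bot: The `patch` and `delete` operations in this file carry only a commented-out `# security:` line after `operationId`, so the required role context (`idn:nesr:update`, `idn:nesr:delete`) lives solely in the description prose and is invisible to generated clients, gateways and spec linters. The same commented-out marker appears on the `post` and `delete` operations of the schema-attributes list file later in this commit. I would restore a real requirement on each operation, for example `security:` followed by `- oauth2: [idn:nesr:update]`, using whichever scheme name the spec's `securitySchemes` actually defines. The lines under `# security:` fall outside the hunks, so the original scope list is not visible here and should be confirmed against what the service enforces.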


@@ -5,12 +5,14 @@ get:
tags:
- Non-Employee Lifecycle Management
summary: List Schema Attributes Non-Employee Source
description: This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8
mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can
add up to 10 custom attributes. This interface returns all the mandatory attributes followed by
any custom attributes. At most, a total of 18 attributes will be returned.<br><br>
Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
description: This API gets the list of schema attributes for the specified
Non-Employee SourceId. There are 8 mandatory attributes added to each new
Non-Employee Source automatically. Additionaly, user can add up to 10 custom
attributes. This interface returns all the mandatory attributes followed by
any custom attributes. At most, a total of 18 attributes will be returned.
Requires role context of `idn:nesr:read` or the user must be an account
manager of the source.
parameters:
- in: path
name: sourceId
@@ -20,27 +22,27 @@ get:
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
'200':
"200":
description: A list of Schema Attributes
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
$ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
maxItems: 18
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"404":
$ref: "../responses/404.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
post:
operationId: createSchemaAttribute
# security:
@@ -49,10 +51,12 @@ post:
- Non-Employee Lifecycle Management
summary: Create a new Schema Attribute for Non-Employee Source
description: >-
This API creates a new schema attribute for Non-Employee Source. The schema technical name must be
unique in the source. Attempts to create a schema attribute with an existing name will result in a
"400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts
to create more than 10 will result in a "400.1.4 Limit violation" response.<br><br>
This API creates a new schema attribute for Non-Employee Source. The schema
technical name must be unique in the source. Attempts to create a schema
attribute with an existing name will result in a "400.1.409 Reference
conflict" response. At most, 10 custom attributes can be created per schema.
Attempts to create more than 10 will result in a "400.1.4 Limit violation"
response.
Requires role context of `idn:nesr:create`
parameters:
@@ -68,25 +72,25 @@ post:
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml'
$ref: "../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml"
responses:
'200':
"200":
description: >-
Schema Attribute created.
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
delete:
operationId: deleteSchemaAttributes
# security:
@@ -95,8 +99,8 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete all custom schema attributes for Non-Employee Source
description: >-
This end-point deletes all custom schema attributes for a non-employee source.<br><br>
Requires role context of `idn:nesr:delete`
This end-point deletes all custom schema attributes for a non-employee
source. Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: sourceId
@@ -106,16 +110,16 @@ delete:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
$ref: '../responses/204.yaml'
"204":
$ref: "../responses/204.yaml"
description: All custon Schema Attributes were successfully deleted.
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
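Review bot: In the `deleteSchemaAttributes` hunk the `"204"` response pairs `$ref: "../responses/204.yaml"` with what appears to be a sibling `description`; under OpenAPI 3.0 anything placed next to a `$ref` is ignored, so that text never reaches the rendered docs, and it also misspells "custom" as "custon". Either drop the sibling, or inline the response as `"204":` with `description: All custom Schema Attributes were successfully deleted.` and no `$ref`. The OpenAPI version and the file's indentation are not visible on this page, so confirm how the bundler resolves the pair. The same `$ref`-plus-`description` shape appears in the `"204"` response of the single-attribute delete operation earlier in this commit.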


@@ -6,32 +6,32 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Source
description: >-
This request will create a non-employee source.<br><br>
Requires role context of `idn:nesr:create`
This request will create a non-employee source. Requires role context of
`idn:nesr:create`
requestBody:
description: Non-Employee source creation request body.
required: true
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSourceRequestBody.yaml'
$ref: "../schemas/non-employee/NonEmployeeSourceRequestBody.yaml"
responses:
'200':
"200":
description: Created non-employee source.
content:
application/json:
schema:
$ref: '../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
get:
operationId: nonEmployeeSourcesList
security:
@@ -40,14 +40,18 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Sources
description: >-
This gets a list of non-employee sources.<br><br>
There are two contextual uses for the requested-for path parameter: <br>
1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list sources assigned to a particular account manager by passing in that manager's id.<br>
2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns.
This gets a list of non-employee sources. There are two contextual uses for
the requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list sources assigned to a particular account manager by
passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
list of the sources that he or she owns.
parameters:
- $ref: '../parameters/limit.yaml'
- $ref: '../parameters/offset.yaml'
- $ref: '../parameters/count.yaml'
- $ref: "../parameters/limit.yaml"
- $ref: "../parameters/offset.yaml"
- $ref: "../parameters/count.yaml"
- in: query
name: requested-for
required: true
@@ -55,7 +59,8 @@ get:
type: string
example: me
description: >-
The identity for whom the request was made. *me* indicates the current user.
The identity for whom the request was made. *me* indicates the current
user.
- in: query
name: non-employee-count
required: false
@@ -63,7 +68,8 @@ get:
schema:
type: boolean
description: >-
The flag to determine whether return a non-employee count associate with source.
The flag to determine whether return a non-employee count associate with
source.
- in: query
name: sorters
required: false
@@ -72,24 +78,26 @@ get:
format: comma-separated
example: "name,created"
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/>
Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **name, created**
responses:
'200':
"200":
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/non-employee/NonEmployeeSourceWithNECount.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/non-employee/NonEmployeeSourceWithNECount.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
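Review bot: The `nonEmployeeSourcesList` description calls `requested-for` a "path parameter", yet the parameter list in the same hunk declares it with `in: query`; because this value decides whose sources the caller gets back, the access rule should name it correctly. I would change that sentence to end in `requested-for query parameter:` and, while there, fix `request a list sources` to `request a list of sources`. The `non-employee-count` description has a similar slip and could read `Flag that determines whether to return the non-employee count associated with each source.`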


@@ -4,14 +4,13 @@ delete:
- Personal Access Tokens
summary: Delete Personal Access Token
description: >-
This deletes a personal access token </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:delete</li>
<li>idn:all-personal-access-tokens:delete</li>
<li>idn:managed-personal-access-tokens:delete</li>
</ul>
This deletes a personal access token
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:delete
idn:all-personal-access-tokens:delete
idn:managed-personal-access-tokens:delete
parameters:
- in: path
name: id
@@ -21,17 +20,17 @@ delete:
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'204':
"204":
description: No content.
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'404':
$ref: '../responses/404.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"404":
$ref: "../responses/404.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"


@@ -4,87 +4,92 @@ get:
- Personal Access Tokens
summary: List Personal Access Tokens
description: >-
This gets a collection of personal access tokens associated with the optional <code>owner-id</code>. </br>
query parameter. If the <code>owner-id</code> query parameter is omitted, all personal access tokens </br>
for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:read</li>
<li>idn:all-personal-access-tokens:read</li>
<li>idn:managed-personal-access-tokens:read</li>
</ul>
This gets a collection of personal access tokens associated with the
optional owner-id. query parameter. If the owner-id query parameter is
omitted, all personal access tokens
for a tenant will be retrieved, but the caller must have the
'idn:all-personal-access-tokens:read' right.
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:read
idn:all-personal-access-tokens:read
idn:managed-personal-access-tokens:read
parameters:
- in: query
name: owner-id
description: >-
The identity ID of the owner whose personal access tokens should be listed. </br>
If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'</br>
</br>
If an actual owner ID or if the <code>owner-id</code> parameter is omitted in the request, </br>
the caller should have the following right: 'idn:all-personal-access-tokens:read'. </br>
</br>
If the caller has the following right, then managed personal access tokens associated with <code>owner-id</code> </br>
will be retrieved: 'idn:managed-personal-access-tokens:read'
The identity ID of the owner whose personal access tokens should be
listed. If "me", the caller should have the following right:
'idn:my-personal-access-tokens:read'
If an actual owner ID or if the owner-id parameter is omitted in the
request, the caller should have the following right:
'idn:all-personal-access-tokens:read'.
If the caller has the following right, then managed personal access
tokens associated with owner-id will be retrieved:
'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
responses:
'200':
"200":
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/GetPersonalAccessTokenResponse.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
post:
operationId: createPersonalAccessToken
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: >-
This creates a personal access token. </br>
</br>
Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:create</li>
<li>idn:all-personal-access-tokens:create</li>
<li>idn:managed-personal-access-tokens:create</li>
</ul>
This creates a personal access token.
Any of the following rights are required to access this resource:
idn:my-personal-access-tokens:create
idn:all-personal-access-tokens:create
idn:managed-personal-access-tokens:create
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
$ref: '../schemas/CreatePersonalAccessTokenRequest.yaml'
$ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses:
'200':
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
"200":
description:
Created. Note - this is the only time Personal Access Tokens' secret
attribute will be displayed.
content:
application/json:
schema:
$ref: '../schemas/CreatePersonalAccessTokenResponse.yaml'
'400':
$ref: '../responses/400.yaml'
'401':
$ref: '../responses/401.yaml'
'403':
$ref: '../responses/403.yaml'
'429':
$ref: '../responses/429.yaml'
'500':
$ref: '../responses/500.yaml'
$ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
"400":
$ref: "../responses/400.yaml"
"401":
$ref: "../responses/401.yaml"
"403":
$ref: "../responses/403.yaml"
"429":
$ref: "../responses/429.yaml"
"500":
$ref: "../responses/500.yaml"
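Review bot: The rewritten `get` description now reads "associated with the optional owner-id. query parameter": the full stop left over from the old line break splits the sentence, and the `<code>` markup around `owner-id` was removed without a Markdown replacement. This is the paragraph that tells a reader that omitting `owner-id` returns every token in the tenant and requires `idn:all-personal-access-tokens:read`, so it should be unambiguous. I would write it as `associated with the optional owner-id query parameter.` with `owner-id` in Markdown code formatting, here and in the parameter's own description. The three rights are also stated only in prose; no `security` requirement is visible for `get` or `createPersonalAccessToken` within this hunk, which is worth checking in the rest of the file.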


@@ -1,8 +1,8 @@
title: accountAttribute
type: object
required:
- sourceName
- attributeName
- sourceName
- attributeName
properties:
sourceName:
type: string
@@ -10,46 +10,60 @@ properties:
example: Workday
attributeName:
type: string
description: The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.
description:
The name of the attribute on the account to return. This should match the
name of the account attribute name visible in the user interface, or on
the source schema.
example: DEPARTMENT
accountSortAttribute:
accountSortAttribute:
type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
description:
The value of this configuration is a string name of the attribute to use
when determining the ordering of returned accounts when there are multiple
entries
example: created
accountSortDescending:
type: boolean
description: >-
The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts.
If not defined, the transform will default to false (ascending order)
The value of this configuration is a boolean (true/false). Controls the
order of the sort when there are multiple accounts. If not defined, the
transform will default to false (ascending order)
example: false
accountReturnFirstLink:
type: boolean
description: >-
The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute.
If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value.
If not defined, the transform will default to false
The value of this configuration is a boolean (true/false). Controls which
account to source a value from for an attribute. If this flag is set to
true, the transform returns the value from the first account in the list,
even if it is null. If it is set to false, the transform returns the first
non-null value. If not defined, the transform will default to false
example: false
accountFilter:
type: string
description: >-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database.
The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
This expression queries the database to narrow search results. The value
of this configuration is a sailpoint.object.Filter expression and used
when searching against the database. The default filter will always
include the source and identity, and any subsequent expressions will be
combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: </br>
- `nativeIdentity` - the Account ID </br>
- `displayName` - the Account Name </br>
- `entitlements` - a boolean value to determine if the account has entitlements
example: "!(nativeIdentity.startsWith(\"*DELETED*\"))"
Only certain searchable attributes are available: - `nativeIdentity` -
the Account ID - `displayName` - the Account Name - `entitlements` - a
boolean value to determine if the account has entitlements
example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: >-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
This expression is used to search and filter accounts in memory. The value
of this configuration is a sailpoint.object.Filter expression and used
when searching against the returned resultset.
All account attributes are available for filtering as this operation is
performed in memory.
example: "(groups.containsAll({'Admin'}) || location == 'Austin')"
requiresPeriodicRefresh:
$ref: './RequiresPeriodicRefresh.yaml'
$ref: "./RequiresPeriodicRefresh.yaml"
input:
$ref: './input.yaml'
$ref: "./input.yaml"