diff --git a/static/api-specs/idn/beta/paths/auth-org-lockout-config.yaml b/static/api-specs/idn/beta/paths/auth-org-lockout-config.yaml
index 11c2138cb..8218fb044 100644
--- a/static/api-specs/idn/beta/paths/auth-org-lockout-config.yaml
+++ b/static/api-specs/idn/beta/paths/auth-org-lockout-config.yaml
@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org lockout configuration.
description: >-
- This API returns the details of an org's lockout auth configuration.
+ This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
- '200':
+ "200":
description: Lockout configuration for the tenant's auth org.
content:
application/json:
schema:
- $ref: '../schemas/LockoutConfiguration.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/LockoutConfiguration.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration
summary: Create the org's auth org lockout configuration.
description: >-
- This API returns the details of an org's lockout auth configuration.
+ This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
- Lockout configuration creation request body.
-
- The following constraints ensure the request body conforms to certain logical guidelines, which are:
+ Lockout configuration creation request body. The following constraints
+ ensure the request body conforms to certain logical guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
content:
application/json:
schema:
- $ref: '../schemas/LockoutConfiguration.yaml'
+ $ref: "../schemas/LockoutConfiguration.yaml"
responses:
- '200':
+ "200":
description: Lockout configuration for the tenant.
content:
application/json:
schema:
- $ref: '../schemas/LockoutConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/LockoutConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org lockout configuration
description: >-
- This API updates an existing lockout configuration for an org using PATCH
- Requires security scope of: 'sp:auth-org:update'
+ This API updates an existing lockout configuration for an org using PATCH
+ Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
- A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
- Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:
+ A list of auth org lockout configuration update operations according to
+ the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ Ensures that the patched Lockout Config conforms to certain logical
+ guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
@@ -85,7 +86,7 @@ patch:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/maximumAttempts"
@@ -94,21 +95,21 @@ patch:
path: "/lockoutDuration"
value: 35
responses:
- '200':
+ "200":
description: Updated Auth Org lockout configuration.
content:
application/json:
schema:
- $ref: '../schemas/LockoutConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/LockoutConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
diff --git a/static/api-specs/idn/beta/paths/auth-org-network-config.yaml b/static/api-specs/idn/beta/paths/auth-org-network-config.yaml
index 1dcc0a472..c6890501e 100644
--- a/static/api-specs/idn/beta/paths/auth-org-network-config.yaml
+++ b/static/api-specs/idn/beta/paths/auth-org-network-config.yaml
@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org network configuration.
description: >-
- This API returns the details of an org's network auth configuration.
+ This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
- '200':
+ "200":
description: Network configuration for the tenant's auth org.
content:
application/json:
schema:
- $ref: '../schemas/NetworkConfiguration.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NetworkConfiguration.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,37 +29,38 @@ post:
- Auth Org Configuration
summary: Create the org's auth org network configuration.
description: >-
- This API returns the details of an org's network auth configuration.
+ This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
- Network configuration creation request body.
-
- The following constraints ensure the request body conforms to certain logical guidelines, which are:
- 1. Each string element in the range array must be a valid ip address or ip subnet mask.
- 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters.
+ Network configuration creation request body. The following constraints
+ ensure the request body conforms to certain logical guidelines, which are:
+ 1. Each string element in the range array must be a valid ip address or
+ ip subnet mask.
+ 2. Each string element in the geolocation array must be 2 characters,
+ and they can only be uppercase letters.
content:
application/json:
schema:
- $ref: '../schemas/NetworkConfiguration.yaml'
+ $ref: "../schemas/NetworkConfiguration.yaml"
responses:
- '200':
+ "200":
description: Network configuration for the tenant.
content:
application/json:
schema:
- $ref: '../schemas/NetworkConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NetworkConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -68,22 +69,26 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org network configuration
description: >-
- This API updates an existing network configuration for an org using PATCH
- Requires security scope of: 'sp:auth-org:update'
+ This API updates an existing network configuration for an org using PATCH
+ Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
- A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
- Ensures that the patched Network Config conforms to certain logical guidelines, which are:
- 1. Each string element in the range array must be a valid ip address or ip subnet mask.
- 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters.
+ A list of auth org network configuration update operations according to
+ the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ Ensures that the patched Network Config conforms to certain logical
+ guidelines, which are:
+ 1. Each string element in the range array must be a valid ip address or
+ ip subnet mask.
+ 2. Each string element in the geolocation array must be 2 characters,
+ and they can only be uppercase letters.
content:
application/json-patch+json:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/whitelisted"
@@ -92,21 +97,21 @@ patch:
path: "/geolocation"
value: ["AF", "HN", "ES"]
responses:
- '200':
+ "200":
description: Updated Auth Org network configuration.
content:
application/json:
schema:
- $ref: '../schemas/NetworkConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NetworkConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
diff --git a/static/api-specs/idn/beta/paths/auth-org-service-provider-config.yaml b/static/api-specs/idn/beta/paths/auth-org-service-provider-config.yaml
index 3c0112d05..6ffed5897 100644
--- a/static/api-specs/idn/beta/paths/auth-org-service-provider-config.yaml
+++ b/static/api-specs/idn/beta/paths/auth-org-service-provider-config.yaml
@@ -4,27 +4,27 @@ get:
- Auth Org Configuration
summary: Get Service Provider Configuration.
description: >-
- This API returns the details of an org's service provider auth configuration.
- Requires security scope of: 'sp:auth-org:read'
+ This API returns the details of an org's service provider auth
+ configuration. Requires security scope of: 'sp:auth-org:read'
responses:
- '200':
+ "200":
description: Service provider configuration for the tenant.
content:
application/json:
schema:
- $ref: '../schemas/ServiceProviderConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/ServiceProviderConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
patch:
@@ -33,63 +33,73 @@ patch:
- Auth Org Configuration
summary: Update Service Provider Configuration
description: >-
- This API updates an existing service provider configuration for an org using PATCH.
- Requires security scope of: 'sp:auth-org:update'
+ This API updates an existing service provider configuration for an org using
+ PATCH. Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
- A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
- Note:
- /federationProtocolDetails/0 is IdpDetails
- /federationProtocolDetails/1 is SpDetails
-
- Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:
- 1. Do not add or remove any elements in the federation protocol details in the service provider configuration.
- 2. Do not modify, add, or delete the service provider details element in the federation protocol details.
- 3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.
- 4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.
+ A list of auth org service provider configuration update operations
+ according to the [JSON Patch](https://tools.ietf.org/html/rfc6902)
+ standard.
+
+ Note: /federationProtocolDetails/0 is IdpDetails
+ /federationProtocolDetails/1 is SpDetails
+
+ Ensures that the patched ServiceProviderConfig conforms to certain logical
+ guidelines, which are:
+ 1. Do not add or remove any elements in the federation protocol details
+ in the service provider configuration.
+ 2. Do not modify, add, or delete the service provider details element in
+ the federation protocol details.
+ 3. If this is the first time the patched ServiceProviderConfig enables
+ Remote IDP sign-in, it must also include IDPDetails.
+ 4. If the patch enables Remote IDP sign in, the entityID in the
+ IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid.
- Just in time configuration update must be valid when enabled. This includes:
+ Just in time configuration update must be valid when enabled. This
+ includes:
- A Source ID
- Source attribute mappings
- - Source attribute maps have all the required key values (firstName, lastName, email)
+ - Source attribute maps have all the required key values (firstName,
+ lastName, email)
content:
application/json-patch+json:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/enabled"
value: true,
- op: "add"
path: "/federationProtocolDetails/0/jitConfiguration"
- value: {
- "enabled": true,
- "sourceId": "2c9180857377ed2901739c12a2da5ac8",
- "sourceAttributeMappings": {
- "firstName": "okta.firstName",
- "lastName": "okta.lastName",
- "email": "okta.email",
- "employeeNumber": "okta.employeeNumber"
+ value:
+ {
+ "enabled": true,
+ "sourceId": "2c9180857377ed2901739c12a2da5ac8",
+ "sourceAttributeMappings":
+ {
+ "firstName": "okta.firstName",
+ "lastName": "okta.lastName",
+ "email": "okta.email",
+ "employeeNumber": "okta.employeeNumber",
+ },
}
- }
responses:
- '200':
+ "200":
description: Auth Org Service Provider configuration updated.
content:
application/json:
schema:
- $ref: '../schemas/ServiceProviderConfiguration.yaml'
- '400':
+ $ref: "../schemas/ServiceProviderConfiguration.yaml"
+ "400":
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
- $ref: '../../v3/schemas/ErrorResponseDto.yaml'
+ $ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples:
400.1 Bad Request Content:
description: Response for bad request content
@@ -109,15 +119,15 @@ patch:
- locale: en
localeOrigin: REQUEST
text: JIT source id is invalid.
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
diff --git a/static/api-specs/idn/beta/paths/auth-org-session-config.yaml b/static/api-specs/idn/beta/paths/auth-org-session-config.yaml
index c08ab8aa0..406995dd5 100644
--- a/static/api-specs/idn/beta/paths/auth-org-session-config.yaml
+++ b/static/api-specs/idn/beta/paths/auth-org-session-config.yaml
@@ -4,23 +4,23 @@ get:
- Auth Org Configuration
summary: Get the org's auth org session configuration.
description: >-
- This API returns the details of an org's session auth configuration.
+ This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
- '200':
+ "200":
description: Session configuration for the tenant's auth org.
content:
application/json:
schema:
- $ref: '../schemas/SessionConfiguration.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/SessionConfiguration.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration
summary: Create the org's auth org session configuration.
description: >-
- This API returns the details of an org's session auth configuration.
+ This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
- Session configuration creation request body.
-
- The following constraints ensure the request body conforms to certain logical guidelines, which are:
+ Session configuration creation request body. The following constraints
+ ensure the request body conforms to certain logical guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
content:
application/json:
schema:
- $ref: '../schemas/SessionConfiguration.yaml'
+ $ref: "../schemas/SessionConfiguration.yaml"
responses:
- '200':
+ "200":
description: Session configuration for the tenant.
content:
application/json:
schema:
- $ref: '../schemas/SessionConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/SessionConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration
summary: Update the org's auth org session configuration
description: >-
- This API updates an existing session configuration for an org using PATCH
- Requires security scope of: 'sp:auth-org:update'
+ This API updates an existing session configuration for an org using PATCH
+ Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
- A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
-
- Ensures that the patched Session Config conforms to certain logical guidelines, which are:
+ A list of auth org session configuration update operations according to
+ the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+
+ Ensures that the patched Session Config conforms to certain logical
+ guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
@@ -85,7 +86,7 @@ patch:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/rememberMe"
@@ -94,21 +95,21 @@ patch:
path: "/maxSessionTime"
value: 480
responses:
- '200':
+ "200":
description: Updated Auth Org session configuration.
content:
application/json:
schema:
- $ref: '../schemas/SessionConfiguration.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/SessionConfiguration.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]
diff --git a/static/api-specs/idn/beta/paths/authmfa/confirm-registration.yaml b/static/api-specs/idn/beta/paths/authmfa/confirm-registration.yaml
index e12e274b4..c45a7c39e 100644
--- a/static/api-specs/idn/beta/paths/authmfa/confirm-registration.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/confirm-registration.yaml
@@ -4,34 +4,40 @@ post:
- Auth MFA
summary: Confirm a user's registration for MFA
description: >-
- For a user who is not currently registered for MFA and who has just scanned the QR code containing the TOTP URL provided by the /generate-secret
- endpoint, confirms registration for MFA by validating a new TOTP code generated by the authenticator used to scan the QR code containing the TOTP URL.
-
- Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special
- MFA token for calling this endpoint.
-
- While no specific right is required for a user to confirm registration, it is expected that the caller first make a request to the /generate-secret
- endpoint so that a TOTP secret exists as a basis for registration confirmation. It is also assumed that the caller has previously verified that the user is
- associated with an auth profile that has MFA enabled.
+ For a user who is not currently registered for MFA and who has just scanned
+ the QR code containing the TOTP URL provided by the /generate-secret
+ endpoint, confirms registration for MFA by validating a new TOTP code
+ generated by the authenticator used to scan the QR code containing the TOTP
+ URL.
+
+ Request requires a unique header as proof of partial authentication. This
+ header is called 'slpt-auth-mfa', and it must contain a special MFA token
+ for calling this endpoint.
+
+ While no specific right is required for a user to confirm registration, it
+ is expected that the caller first make a request to the /generate-secret
+ endpoint so that a TOTP secret exists as a basis for registration
+ confirmation. It is also assumed that the caller has previously verified
+ that the user is associated with an auth profile that has MFA enabled.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/TotpCodeRequest.yaml'
+ $ref: "../../schemas/TotpCodeRequest.yaml"
responses:
- '200':
+ "200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
- $ref: '../../schemas/MfaVerificationResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/MfaVerificationResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml b/static/api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml
index 9ea9f4be7..2e2fc97d4 100644
--- a/static/api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml
@@ -4,41 +4,46 @@ post:
- Auth MFA
summary: Generate a special token for calling sp-mfa /totp/** APIs
description: >-
- Generates an MFA token and establishes an unverified MFA-on-login context state.
- Callable by either an internal service or an authenticated user.
-
- When called by an internal service, the calling service must present the target user's external id as the requestedFor value.
-
- When called by an authenticated user, the proxying service must present "me" as the the requestedFor value.
-
- The following rights are required to access this endpoint: sp:mfa-token-all:create, sp:mfa-token-self:create
-
- If an external id is presented as the request body's requestedFor value, the caller must possess the sp:mfa-token-all:create right.
-
- This implies that an internal service is obtaining an MFA token on behalf of a user.
+ Generates an MFA token and establishes an unverified MFA-on-login context
+ state. Callable by either an internal service or an authenticated user.
+
+ When called by an internal service, the calling service must present the
+ target user's external id as the requestedFor value.
+
+ When called by an authenticated user, the proxying service must present "me"
+ as the the requestedFor value.
+
+ The following rights are required to access this endpoint:
+ sp:mfa-token-all:create, sp:mfa-token-self:create
+
+ If an external id is presented as the request body's requestedFor value, the
+ caller must possess the sp:mfa-token-all:create right.
+
+ This implies that an internal service is obtaining an MFA token on behalf of
+ a user.
requestBody:
- description: Request body containing requestedFor value.
+ description: Request body containing requestedFor value.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/GetMfaTokenRequest.yaml'
+ $ref: "../../schemas/GetMfaTokenRequest.yaml"
responses:
- '200':
+ "200":
description: Response containing an MFA Token.
content:
application/json:
schema:
- $ref: '../../schemas/GetMfaTokenResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/GetMfaTokenResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/authmfa/generate-secret.yaml b/static/api-specs/idn/beta/paths/authmfa/generate-secret.yaml
index 80c78fffd..8ed61fff5 100644
--- a/static/api-specs/idn/beta/paths/authmfa/generate-secret.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/generate-secret.yaml
@@ -2,27 +2,34 @@ post:
operationId: authMfaGenerateSecret
tags:
- Auth MFA
- summary: Generate a TOTP secret embedded within a TOTP link for use with an authenticator
+ summary:
+ Generate a TOTP secret embedded within a TOTP link for use with an
+ authenticator
description: >-
- For a user who is not currently registered for MFA, generates a secret to share with the user's chosen authenticator app.
-
- Request requires a unique header as proof of partial authentication called 'slpt-auth-mfa', and it must contain a special
- MFA token for calling this endpoint.
-
- While no specific right is required for a user to generate a secret, it is expected that the caller first verify that
- the user is associated with an auth profile that has MFA enabled.
+ For a user who is not currently registered for MFA, generates a secret to
+ share with the user's chosen authenticator app.
+
+ Request requires a unique header as proof of partial authentication called
+ 'slpt-auth-mfa', and it must contain a special MFA token for calling this
+ endpoint.
+
+ While no specific right is required for a user to generate a secret, it is
+ expected that the caller first verify that the user is associated with an
+ auth profile that has MFA enabled.
responses:
- '200':
- description: Response containing user's username, a newly-generated secret, and a TOTP link for a QR code generator to use.
+ "200":
+ description:
+ Response containing user's username, a newly-generated secret, and a
+ TOTP link for a QR code generator to use.
content:
application/json:
schema:
- $ref: '../../schemas/GetSecretResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/GetSecretResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml b/static/api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml
index 33a99f6e7..a695cf55e 100644
--- a/static/api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml
@@ -4,37 +4,40 @@ post:
- Auth MFA
summary: Disable a user's registration for MFA
description: >-
- Disables a user's registration for MFA. The specified user is tied to the `requestedFor` body param and can either be an external id,
- when resetting the registration on someone else's behalf, or "me", when resetting the registration for one's self.
-
- Either of The following rights is necessary to access this endpoint:
-
- sp:mfa-login-registration-reset-all:executesp:mfa-login-registration-reset-self:execute
-
- The first right allows someone else or a system to reset a user's registration for MFA. The second right allows the user to reset his or her own registration for MFA.
+ Disables a user's registration for MFA. The specified user is tied to the
+ `requestedFor` body param and can either be an external id, when resetting
+ the registration on someone else's behalf, or "me", when resetting the
+ registration for one's self.
+
+ Either of The following rights is necessary to access this endpoint:
+ sp:mfa-login-registration-reset-all:execute
+ sp:mfa-login-registration-reset-self:execute
+
+
+ The first right allows someone else or a system to reset a user's
+ registration for MFA. The second right allows the user to reset his or her
+ own registration for MFA.
requestBody:
description: MFA registration reset request body.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/MfaResetRequest.yaml'
+ $ref: "../../schemas/MfaResetRequest.yaml"
responses:
- '200':
+ "200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
- $ref: '../../schemas/MfaRegistrationResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/MfaRegistrationResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/authmfa/registration-status.yaml b/static/api-specs/idn/beta/paths/authmfa/registration-status.yaml
index 5a89d4911..9673fbd6b 100644
--- a/static/api-specs/idn/beta/paths/authmfa/registration-status.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/registration-status.yaml
@@ -4,11 +4,14 @@ get:
- Auth MFA
summary: Determine whether the user is registered for MFA
description: >-
- Gives the caller an indication of whether or not the user associated with the externalId path param is registered for MFA.
-
- The following right is necessary to access this endpoint: sp:mfa-login-registration:read.
-
- It is also assumed that the caller has previously verified that the user is associated with an auth profile that has MFA enabled.
+ Gives the caller an indication of whether or not the user associated with
+ the externalId path param is registered for MFA.
+
+ The following right is necessary to access this endpoint:
+ sp:mfa-login-registration:read.
+
+ It is also assumed that the caller has previously verified that the user is
+ associated with an auth profile that has MFA enabled.
parameters:
- in: path
name: externalId
@@ -18,17 +21,17 @@ get:
description: The user's external ID
example: 2c9180867b50d088017b554662fb281e
responses:
- '200':
+ "200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
- $ref: '../../schemas/MfaRegistrationResponse.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/MfaRegistrationResponse.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/authmfa/verify-code.yaml b/static/api-specs/idn/beta/paths/authmfa/verify-code.yaml
index 3d5229e4a..f2d545670 100644
--- a/static/api-specs/idn/beta/paths/authmfa/verify-code.yaml
+++ b/static/api-specs/idn/beta/paths/authmfa/verify-code.yaml
@@ -4,32 +4,36 @@ post:
- Auth MFA
summary: Validate a TOTP code generated by a user's authenticator
description: >-
- For a user who is registered for MFA, validates a TOTP code generated by the user's authenticator.
-
- Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special
- MFA token for calling this endpoint.
-
- While no specific right is required for a user to have a TOTP code verified, it is assumed that the caller has previously verified that the user is
- associated with an auth profile that has MFA enabled and that the user has already registered an authenticator for multi-factor authentication.
+ For a user who is registered for MFA, validates a TOTP code generated by the
+ user's authenticator.
+
+ Request requires a unique header as proof of partial authentication. This
+ header is called 'slpt-auth-mfa', and it must contain a special MFA token
+ for calling this endpoint.
+
+ While no specific right is required for a user to have a TOTP code verified,
+ it is assumed that the caller has previously verified that the user is
+ associated with an auth profile that has MFA enabled and that the user has
+ already registered an authenticator for multi-factor authentication.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/TotpCodeRequest.yaml'
+ $ref: "../../schemas/TotpCodeRequest.yaml"
responses:
- '200':
+ "200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
- $ref: '../../schemas/MfaVerificationResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/MfaVerificationResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/ears-entitlement-bulk-update.yaml b/static/api-specs/idn/beta/paths/ears-entitlement-bulk-update.yaml
index 9966f8fab..a04cc3a75 100644
--- a/static/api-specs/idn/beta/paths/ears-entitlement-bulk-update.yaml
+++ b/static/api-specs/idn/beta/paths/ears-entitlement-bulk-update.yaml
@@ -10,10 +10,10 @@ post:
The number of entitlements to update is limited to 50 items maximum.
- The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
- allowed operations :
- **{ "op": "replace", "path": "/privileged", "value": boolean }**
- **{ "op": "replace", "path": "/requestable","value": boolean }**
+ The JsonPatch update follows the [JSON
+ Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations :
+ **{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op":
+ "replace", "path": "/requestable","value": boolean }**
A token with ORG_ADMIN or API authority is required to call this API.
@@ -22,17 +22,17 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/EntitlementBulkUpdateRequest.yaml'
+ $ref: "../schemas/EntitlementBulkUpdateRequest.yaml"
responses:
- '204':
- $ref: '../../v3/responses/204.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "204":
+ $ref: "../../v3/responses/204.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/mfa-config-test.yaml b/static/api-specs/idn/beta/paths/mfa-config-test.yaml
index f60a3e0d2..b3dc41cc4 100644
--- a/static/api-specs/idn/beta/paths/mfa-config-test.yaml
+++ b/static/api-specs/idn/beta/paths/mfa-config-test.yaml
@@ -4,8 +4,9 @@ get:
- MFA Configuration
summary: Test configuration of a MFA method
description: >-
- This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter.
-
+ This API validates that the configuration is valid and will properly
+ authenticate with the MFA provider identified by the method path parameter.
+
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:read]
@@ -18,27 +19,23 @@ get:
required: true
description: >-
The name of the MFA method.
-
+
The currently supported method name is okta-verify.
responses:
- '200':
+ "200":
description: The result of configuration test for the MFA provider.
content:
application/json:
schema:
- $ref: '../schemas/MfaConfigTestResponse.yaml'
- example:
- {
- "state": "SUCCESS",
- "error": null
- }
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ $ref: "../schemas/MfaConfigTestResponse.yaml"
+ example: { "state": "SUCCESS", "error": null }
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/mfa-config.yaml b/static/api-specs/idn/beta/paths/mfa-config.yaml
index 1c700d781..cf4e96a4f 100644
--- a/static/api-specs/idn/beta/paths/mfa-config.yaml
+++ b/static/api-specs/idn/beta/paths/mfa-config.yaml
@@ -5,7 +5,7 @@ get:
summary: Get configuration of a MFA method
description: >-
This API returns the configuration of a given MFA method.
-
+
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:read]
@@ -18,32 +18,32 @@ get:
required: true
description: >-
The name of the MFA method.
-
+
The currently supported method name is okta-verify.
responses:
- '200':
+ "200":
description: MFA configuration of a given method.
content:
application/json:
schema:
- $ref: '../schemas/MfaConfig.yaml'
+ $ref: "../schemas/MfaConfig.yaml"
example:
{
- "enabled": true,
- "host": "www.example.com",
- "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
- "identityAttribute": "email"
+ "enabled": true,
+ "host": "www.example.com",
+ "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
+ "identityAttribute": "email",
}
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
put:
operationId: setMFAConfig
@@ -52,7 +52,7 @@ put:
summary: Set configuration of a MFA method
description: >-
This API sets the configuration of a given MFA method.
-
+
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:mfa-config:write]
@@ -65,42 +65,42 @@ put:
required: true
description: >-
The name of the MFA method.
-
+
The currently supported method name is okta-verify.
requestBody:
required: true
content:
application/json:
schema:
- $ref: '../schemas/MfaConfig.yaml'
+ $ref: "../schemas/MfaConfig.yaml"
example:
- {
- "enabled": true,
- "host": "www.example.com",
- "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
- "identityAttribute": "email"
- }
+ {
+ "enabled": true,
+ "host": "www.example.com",
+ "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
+ "identityAttribute": "email",
+ }
responses:
- '200':
+ "200":
description: MFA configuration of a given method.
content:
application/json:
schema:
- $ref: '../schemas/MfaConfig.yaml'
+ $ref: "../schemas/MfaConfig.yaml"
example:
{
- "enabled": true,
- "host": "www.example.com",
- "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
- "identityAttribute": "email"
+ "enabled": true,
+ "host": "www.example.com",
+ "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
+ "identityAttribute": "email",
}
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-approval-list.yaml b/static/api-specs/idn/beta/paths/non-employee-approval-list.yaml
index 46dc2bddf..f7dba7677 100644
--- a/static/api-specs/idn/beta/paths/non-employee-approval-list.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-approval-list.yaml
@@ -14,21 +14,23 @@ get:
schema:
type: string
description: >-
- The identity for whom the request was made. *me* indicates the current user.
+ The identity for whom the request was made. *me* indicates the current
+ user.
required: false
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
example: "filters=approvalStatus eq 'PENDING'"
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **approvalStatus**: *eq*
- *Example:* approvalStatus eq "PENDING"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
- in: query
example: "sorters=-created"
name: sorters
@@ -36,25 +38,27 @@ get:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified**
responses:
- '200':
+ "200":
description: List of approval items.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/NonEmployeeApprovalItem.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeApprovalItem.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-approval-summary.yaml b/static/api-specs/idn/beta/paths/non-employee-approval-summary.yaml
index 512753506..8ccf11cac 100644
--- a/static/api-specs/idn/beta/paths/non-employee-approval-summary.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-approval-summary.yaml
@@ -6,10 +6,13 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: >-
- This request will retrieve a summary of non-employee approval requests.
- There are two contextual uses for the `requested-for` path parameter:
- 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.
- 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her.
+ This request will retrieve a summary of non-employee approval requests.
+ There are two contextual uses for the `requested-for` path parameter: 1. The
+ current user is the Org Admin, in which case he or she may request a summary
+ of all non-employee approval requests assigned to a particular approver by
+ passing in that approver's id. 2. The current user is an approver, in which
+ case "me" should be provided as the `requested-for` value. This will provide
+ the approver with a summary of the approval items assigned to him or her.
parameters:
- in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
@@ -17,22 +20,23 @@ get:
schema:
type: string
description: >-
- The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user.
+ The identity (UUID) of the approver for whom for whom the summary is
+ being retrieved. Use "me" instead to indicate the current user.
required: true
responses:
- '200':
+ "200":
description: summary of non-employee approval requests
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeApprovalSummary.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeApprovalSummary.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-records.yaml b/static/api-specs/idn/beta/paths/non-employee-records.yaml
index 41b527f71..b92d537ea 100644
--- a/static/api-specs/idn/beta/paths/non-employee-records.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-records.yaml
@@ -11,31 +11,31 @@ post:
Request will require the following security scope:
'idn:nesr:create'
-
+
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeRequestBody.yaml'
+ $ref: "../schemas/NonEmployeeRequestBody.yaml"
responses:
- '200':
+ "200":
description: Created non-employee record.
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeRecord.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeRecord.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeRecordList
security:
@@ -46,9 +46,9 @@ get:
description: >-
This gets a list of non-employee records.
parameters:
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
required: false
name: sorters
@@ -57,8 +57,12 @@ get:
format: comma-separated
example: accountName,sourceId
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
- Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **id, accountName,
+ sourceId, manager, firstName, lastName, email, phone, startDate,
+ endDate, created, modified**
- in: query
name: filters
required: false
@@ -66,26 +70,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **sourceId**: *eq*
- *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **sourceId**: *eq* *Example:* sourceId eq
+ "2c91808568c529c60168cca6f90c1313"
responses:
- '200':
+ "200":
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/NonEmployeeRecord.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ $ref: "../schemas/NonEmployeeRecord.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-request-summary-get.yaml b/static/api-specs/idn/beta/paths/non-employee-request-summary-get.yaml
index 5cafb88fb..f617c4fa2 100644
--- a/static/api-specs/idn/beta/paths/non-employee-request-summary-get.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-request-summary-get.yaml
@@ -6,34 +6,40 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: >-
- This request will retrieve a summary of non-employee requests.
- There are two contextual uses for the `requested-for` path parameter:
- 1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.
- 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages.
+ This request will retrieve a summary of non-employee requests. There are two
+ contextual uses for the `requested-for` path parameter: 1. The current user
+ is the Org Admin, in which case he or she may request a summary of all
+ non-employee approval requests assigned to a particular account manager by
+ passing in that manager's id. 2. The current user is an account manager, in
+ which case "me" should be provided as the `requested-for` value. This will
+ provide the user with a summary of the non-employee requests in the
+ source(s) he or she manages.
parameters:
- in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
name: requested-for
description: >-
- The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user.
+ The identity (UUID) of the non-employee account manager for whom the
+ summary is being retrieved. Use "me" instead to indicate the current
+ user.
required: true
schema:
type: string
format: uuid (if user is Org Admin)
responses:
- '200':
+ "200":
description: Non-Employee request summary object.
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeRequestSummary.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeRequestSummary.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-requests.yaml b/static/api-specs/idn/beta/paths/non-employee-requests.yaml
index 1c7b2b67d..fa287cc93 100644
--- a/static/api-specs/idn/beta/paths/non-employee-requests.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-requests.yaml
@@ -13,20 +13,20 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeRequestBody.yaml'
+ $ref: "../schemas/NonEmployeeRequestBody.yaml"
responses:
- '200':
+ "200":
description: Non-Employee request creation object
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeRequest.yaml'
- '400':
+ $ref: "../schemas/NonEmployeeRequest.yaml"
+ "400":
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
- $ref: '../../v3/schemas/ErrorResponseDto.yaml'
+ $ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples:
400.1 Bad Request Content:
description: Response for bad request content
@@ -45,15 +45,17 @@ post:
messages:
- locale: en
localeOrigin: REQUEST
- text: Unable to create Non-Employee because the accountName "existed" is already being used.
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ text:
+ Unable to create Non-Employee because the accountName
+ "existed" is already being used.
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeRequestList
security:
@@ -64,9 +66,9 @@ get:
description: >-
This gets a list of non-employee requests.
parameters:
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
name: requested-for
required: true
@@ -74,7 +76,8 @@ get:
type: string
example: me
description: >-
- The identity for whom the request was made. *me* indicates the current user.
+ The identity for whom the request was made. *me* indicates the current
+ user.
- in: query
name: sorters
required: false
@@ -83,8 +86,12 @@ get:
format: comma-separated
example: approvalStatus,firstName
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
- Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **created,
+ approvalStatus, firstName, lastName, email, phone, accountName,
+ startDate, endDate**
- in: query
name: filters
required: false
@@ -92,26 +99,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **sourceId**: *eq*
- *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **sourceId**: *eq* *Example:* sourceId eq
+ "2c91808568c529c60168cca6f90c1313"
responses:
- '200':
+ "200":
description: List of non-employee request objects.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/NonEmployeeRequest.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ $ref: "../schemas/NonEmployeeRequest.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-source.yaml b/static/api-specs/idn/beta/paths/non-employee-source.yaml
index c9f056552..67105b3a4 100644
--- a/static/api-specs/idn/beta/paths/non-employee-source.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-source.yaml
@@ -17,22 +17,22 @@ get:
schema:
type: string
responses:
- '200':
+ "200":
description: Non-Employee source object.
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeSource.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeSource.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
patch:
operationId: nonEmployeeSourcePatch
security:
@@ -41,8 +41,8 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: >-
- patch a non-employee source. (Partial Update)
- Patchable field: **name, description, approvers, accountManagers**
+ patch a non-employee source. (Partial Update) Patchable field: **name,
+ description, approvers, accountManagers**
Request will require the following security scope:
@@ -56,38 +56,44 @@ patch:
schema:
type: string
requestBody:
- description: A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+ description:
+ A list of non-employee source update operations according to the [JSON
+ Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true
content:
application/json-patch+json:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/name"
value: { "new name" }
- op: "replace"
path: "/approvers"
- value: [ "2c91809f703bb37a017040a2fe8748c7", "48b1f463c9e8427db5a5071bd81914b8" ]
+ value:
+ [
+ "2c91809f703bb37a017040a2fe8748c7",
+ "48b1f463c9e8427db5a5071bd81914b8",
+ ]
responses:
- '200':
+ "200":
description: A patched non-employee source object.
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeSource.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeSource.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
delete:
operationId: nonEmployeeSourceDelete
security:
@@ -110,15 +116,15 @@ delete:
schema:
type: string
responses:
- '204':
- $ref: '../../v3/responses/204.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ "204":
+ $ref: "../../v3/responses/204.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/non-employee-sources.yaml b/static/api-specs/idn/beta/paths/non-employee-sources.yaml
index 5d13a60f2..cb91935d3 100644
--- a/static/api-specs/idn/beta/paths/non-employee-sources.yaml
+++ b/static/api-specs/idn/beta/paths/non-employee-sources.yaml
@@ -17,24 +17,24 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeSourceRequestBody.yaml'
+ $ref: "../schemas/NonEmployeeSourceRequestBody.yaml"
responses:
- '200':
+ "200":
description: Created non-employee source.
content:
application/json:
schema:
- $ref: '../schemas/NonEmployeeSourceWithCloudExternalId.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/NonEmployeeSourceWithCloudExternalId.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
get:
operationId: nonEmployeeSourcesList
security:
@@ -45,9 +45,9 @@ get:
description: >-
This gets a list of non-employee sources.
parameters:
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
required: true
name: requested-for
@@ -55,7 +55,8 @@ get:
schema:
type: string
description: >-
- The identity for whom the request was made. *me* indicates the current user.
+ The identity for whom the request was made. *me* indicates the current
+ user.
- in: query
required: true
name: non-employee-count
@@ -63,7 +64,8 @@ get:
schema:
type: boolean
description: >-
- The flag to determine whether return a non-employee count associate with source.
+ The flag to determine whether return a non-employee count associate with
+ source.
- in: query
name: sorters
required: false
@@ -72,24 +74,26 @@ get:
format: comma-separated
example: name,created
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created**
responses:
- '200':
+ "200":
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/NonEmployeeSourceWithNECount.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ $ref: "../schemas/NonEmployeeSourceWithNECount.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/personal-access-token.yaml b/static/api-specs/idn/beta/paths/personal-access-token.yaml
index c90eed6c1..0596f9b91 100644
--- a/static/api-specs/idn/beta/paths/personal-access-token.yaml
+++ b/static/api-specs/idn/beta/paths/personal-access-token.yaml
@@ -4,14 +4,13 @@ delete:
- Personal Access Tokens
summary: Delete Personal Access Token
description: >-
- This deletes a personal access token
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:delete
- - idn:all-personal-access-tokens:delete
- - idn:managed-personal-access-tokens:delete
-
+ This deletes a personal access token
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:delete
+ idn:all-personal-access-tokens:delete
+ idn:managed-personal-access-tokens:delete
+
parameters:
- in: path
name: id
@@ -21,17 +20,17 @@ delete:
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
- '204':
+ "204":
description: No content.
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '404':
- $ref: '../../v3/responses/404.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/personal-access-tokens.yaml b/static/api-specs/idn/beta/paths/personal-access-tokens.yaml
index 9a1a6a308..0220fbc95 100644
--- a/static/api-specs/idn/beta/paths/personal-access-tokens.yaml
+++ b/static/api-specs/idn/beta/paths/personal-access-tokens.yaml
@@ -4,87 +4,92 @@ get:
- Personal Access Tokens
summary: List Personal Access Tokens
description: >-
- This gets a collection of personal access tokens associated with the optional owner-id.
- query parameter. If the owner-id query parameter is omitted, all personal access tokens
- for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:read
- - idn:all-personal-access-tokens:read
- - idn:managed-personal-access-tokens:read
-
+ This gets a collection of personal access tokens associated with the
+ optional owner-id. query parameter. If the owner-id query parameter is
+ omitted, all personal access tokens
+ for a tenant will be retrieved, but the caller must have the
+ 'idn:all-personal-access-tokens:read' right.
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:read
+ idn:all-personal-access-tokens:read
+ idn:managed-personal-access-tokens:read
+
parameters:
- in: query
name: owner-id
description: >-
- The identity ID of the owner whose personal access tokens should be listed.
- If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
-
- If an actual owner ID or if the owner-id parameter is omitted in the request,
- the caller should have the following right: 'idn:all-personal-access-tokens:read'.
-
- If the caller has the following right, then managed personal access tokens associated with owner-id
- will be retrieved: 'idn:managed-personal-access-tokens:read'
+ The identity ID of the owner whose personal access tokens should be
+ listed. If "me", the caller should have the following right:
+ 'idn:my-personal-access-tokens:read'
+
+ If an actual owner ID or if the owner-id parameter is omitted in the
+ request, the caller should have the following right:
+ 'idn:all-personal-access-tokens:read'.
+
+ If the caller has the following right, then managed personal access
+ tokens associated with owner-id will be retrieved:
+ 'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
responses:
- '200':
+ "200":
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/GetPersonalAccessTokenResponse.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
post:
operationId: createPersonalAccessToken
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: >-
- This creates a personal access token.
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:create
- - idn:all-personal-access-tokens:create
- - idn:managed-personal-access-tokens:create
-
+ This creates a personal access token.
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:create
+ idn:all-personal-access-tokens:create
+ idn:managed-personal-access-tokens:create
+
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
- $ref: '../schemas/CreatePersonalAccessTokenRequest.yaml'
+ $ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses:
- '200':
- description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
+ "200":
+ description:
+ Created. Note - this is the only time Personal Access Tokens' secret
+ attribute will be displayed.
content:
application/json:
schema:
- $ref: '../schemas/CreatePersonalAccessTokenResponse.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ $ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/sod-exceptions.yaml b/static/api-specs/idn/beta/paths/sod-exceptions.yaml
index ebaec0d97..6bf005db8 100644
--- a/static/api-specs/idn/beta/paths/sod-exceptions.yaml
+++ b/static/api-specs/idn/beta/paths/sod-exceptions.yaml
@@ -15,23 +15,23 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/sod/models/Exception.yaml'
+ $ref: "../schemas/sod/models/Exception.yaml"
examples:
Exception created:
- $ref: '../schemas/sod/examples/exception-body.yaml'
+ $ref: "../schemas/sod/examples/exception-body.yaml"
responses:
- '201':
- $ref: '../schemas/sod/responses/201.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "201":
+ $ref: "../schemas/sod/responses/201.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
get:
operationId: listSodExceptions
tags:
@@ -45,23 +45,23 @@ get:
A token with API authority is required to call this API.
parameters:
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
- **id**: *eq, in*
- **sodPolicy.id**: *eq, in*
- **identity.id**: *eq, in*
+ **id**: *eq, in* **sodPolicy.id**: *eq, in* **identity.id**: *eq, in*
example: identity.id eq "bc693f07e7b645539626c25954c58554"
required: false
- in: query
@@ -70,7 +70,9 @@ get:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields:
@@ -80,15 +82,15 @@ get:
example: identity.id,-start
required: false
responses:
- '200':
- $ref: '../schemas/sod/responses/200-list.yaml'
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
\ No newline at end of file
+ "200":
+ $ref: "../schemas/sod/responses/200-list.yaml"
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/sod-policies.yaml b/static/api-specs/idn/beta/paths/sod-policies.yaml
index 3357b08bd..13a447497 100644
--- a/static/api-specs/idn/beta/paths/sod-policies.yaml
+++ b/static/api-specs/idn/beta/paths/sod-policies.yaml
@@ -6,7 +6,9 @@ post:
# security:
# - oauth2: [ORG_ADMIN]
description: >-
- This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy
+ This creates both General and Conflicting Access Based policy, with a limit
+ of 50 entitlements for each (left & right) criteria for Conflicting Access
+ Based SOD policy
Requires role of ORG_ADMIN
requestBody:
@@ -14,75 +16,86 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/SodPolicy.yaml'
+ $ref: "../schemas/SodPolicy.yaml"
examples:
Conflicting Access Based Policy:
value:
{
"name": "Conflicting-Policy-Name",
"description": "This policy ensures compliance of xyz",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c91808568c529c60168cca6f90c1313",
- "name": "Owner Name"
- },
- "externalPolicyReference": "XYZ policy",
- "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
- "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
- "state": "ENFORCED",
- "tags": [
- "string"
- ],
- "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "violationOwnerAssignmentConfig": {
- "assignmentRule": "MANAGER",
- "ownerRef": {
+ "ownerRef":
+ {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
- "name": "Violation Owner Name"
- }
- },
+ "name": "Owner Name",
+ },
+ "externalPolicyReference": "XYZ policy",
+ "compensatingControls":
+ 'Have a manager review the transaction decisions for their
+ "out of compliance" employee',
+ "correctionAdvice":
+ "Based on the role of the employee, managers should remove
+ access that is not required for their job function.",
+ "state": "ENFORCED",
+ "tags": ["string"],
+ "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "violationOwnerAssignmentConfig":
+ {
+ "assignmentRule": "MANAGER",
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c91808568c529c60168cca6f90c1313",
+ "name": "Violation Owner Name",
+ },
+ },
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
- "conflictingAccessCriteria": {
- "leftCriteria": {
- "name": "money-in",
- "criteriaList": [
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a66"
- },
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a67"
- }
- ]
+ "conflictingAccessCriteria":
+ {
+ "leftCriteria":
+ {
+ "name": "money-in",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a66",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a67",
+ },
+ ],
+ },
+ "rightCriteria":
+ {
+ "name": "money-out",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a68",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a69",
+ },
+ ],
+ },
},
- "rightCriteria": {
- "name": "money-out",
- "criteriaList": [
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a68"
- },
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a69"
- }
- ]
- }
- }
}
General Policy:
value:
{
"description": "Description",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c918087682f9a86016839c05e8f1aff",
- "name": "Owner Name"
- },
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c918087682f9a86016839c05e8f1aff",
+ "name": "Owner Name",
+ },
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
@@ -93,15 +106,15 @@ post:
"creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null,
"violationOwnerAssignmentConfig": null,
- "name": "General-Policy-Name"
+ "name": "General-Policy-Name",
}
responses:
- '201':
+ "201":
description: SOD policy created
content:
application/json:
schema:
- $ref: '../schemas/SodPolicy.yaml'
+ $ref: "../schemas/SodPolicy.yaml"
examples:
Conflicting Access Based Policy:
value:
@@ -111,69 +124,84 @@ post:
"created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c91808568c529c60168cca6f90c1313",
- "name": "Owner Name"
- },
- "externalPolicyReference": "XYZ policy",
- "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
- "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
- "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
- "state": "ENFORCED",
- "tags": [
- "string"
- ],
- "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "violationOwnerAssignmentConfig": {
- "assignmentRule": "MANAGER",
- "ownerRef": {
+ "ownerRef":
+ {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
- "name": "Violation Owner Name"
- }
- },
+ "name": "Owner Name",
+ },
+ "externalPolicyReference": "XYZ policy",
+ "policyQuery":
+ "@access(id:2c9180866166b5b0016167c32ef31a66 OR
+ id:2c9180866166b5b0016167c32ef31a67) AND
+ @access(id:2c9180866166b5b0016167c32ef31a68 OR
+ id:2c9180866166b5b0016167c32ef31a69)",
+ "compensatingControls":
+ 'Have a manager review the transaction decisions for their
+ "out of compliance" employee',
+ "correctionAdvice":
+ "Based on the role of the employee, managers should remove
+ access that is not required for their job function.",
+ "state": "ENFORCED",
+ "tags": ["string"],
+ "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "violationOwnerAssignmentConfig":
+ {
+ "assignmentRule": "MANAGER",
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c91808568c529c60168cca6f90c1313",
+ "name": "Violation Owner Name",
+ },
+ },
"scheduled": true,
"type": "CONFLICTING_ACCESS_BASED",
- "conflictingAccessCriteria": {
- "leftCriteria": {
- "name": "money-in",
- "criteriaList": [
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a66"
- },
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a67"
- }
- ]
+ "conflictingAccessCriteria":
+ {
+ "leftCriteria":
+ {
+ "name": "money-in",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a66",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a67",
+ },
+ ],
+ },
+ "rightCriteria":
+ {
+ "name": "money-out",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a68",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a69",
+ },
+ ],
+ },
},
- "rightCriteria": {
- "name": "money-out",
- "criteriaList": [
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a68"
- },
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a69"
- }
- ]
- }
- }
}
General Policy:
value:
{
"description": "Description",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c918087682f9a86016839c05e8f1aff",
- "name": "Owner Name"
- },
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c918087682f9a86016839c05e8f1aff",
+ "name": "Owner Name",
+ },
"externalPolicyReference": "New policy",
"policyQuery": "policy query implementation",
"compensatingControls": "Compensating controls",
@@ -189,18 +217,18 @@ post:
"id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z",
- "modified": "2020-05-12T19:47:38Z"
+ "modified": "2020-05-12T19:47:38Z",
}
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
get:
operationId: listSodPolicies
tags:
@@ -213,128 +241,143 @@ get:
Requires role of ORG_ADMIN
parameters:
- - $ref: '../../v3/parameters/limit.yaml'
- - $ref: '../../v3/parameters/offset.yaml'
- - $ref: '../../v3/parameters/count.yaml'
+ - $ref: "../../v3/parameters/limit.yaml"
+ - $ref: "../../v3/parameters/offset.yaml"
+ - $ref: "../../v3/parameters/count.yaml"
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
- **id**: *eq*
- **name**: *eq*
- **state**: *eq*
+ **id**: *eq* **name**: *eq* **state**: *eq*
example: id eq "bc693f07e7b645539626c25954c58554"
required: false
responses:
- '200':
+ "200":
description: List of all SOD Policies.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/SodPolicy.yaml'
+ $ref: "../schemas/SodPolicy.yaml"
example:
[
- {
- "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "name": "Conflicting-Policy-Name",
- "created": "2020-01-01T00:00:00.000000Z",
- "modified": "2020-01-01T00:00:00.000000Z",
- "description": "This policy ensures compliance of xyz",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c91808568c529c60168cca6f90c1313",
- "name": "Owner Name"
- },
- "externalPolicyReference": "XYZ policy",
- "policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)",
- "compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee",
- "correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.",
- "state": "ENFORCED",
- "tags": [
- "string"
- ],
- "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
- "violationOwnerAssignmentConfig": {
- "assignmentRule": "MANAGER",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c91808568c529c60168cca6f90c1313",
- "name": "Violation Owner Name"
- }
- },
- "scheduled": true,
- "type": "CONFLICTING_ACCESS_BASED",
- "conflictingAccessCriteria": {
- "leftCriteria": {
- "name": "money-in",
- "criteriaList": [
+ {
+ "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "name": "Conflicting-Policy-Name",
+ "created": "2020-01-01T00:00:00.000000Z",
+ "modified": "2020-01-01T00:00:00.000000Z",
+ "description": "This policy ensures compliance of xyz",
+ "ownerRef":
{
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a66"
+ "type": "IDENTITY",
+ "id": "2c91808568c529c60168cca6f90c1313",
+ "name": "Owner Name",
},
+ "externalPolicyReference": "XYZ policy",
+ "policyQuery":
+ "@access(id:2c9180866166b5b0016167c32ef31a66 OR
+ id:2c9180866166b5b0016167c32ef31a67) AND
+ @access(id:2c9180866166b5b0016167c32ef31a68 OR
+ id:2c9180866166b5b0016167c32ef31a69)",
+ "compensatingControls":
+ 'Have a manager review the transaction decisions for their
+ "out of compliance" employee',
+ "correctionAdvice":
+ "Based on the role of the employee, managers should remove
+ access that is not required for their job function.",
+ "state": "ENFORCED",
+ "tags": ["string"],
+ "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
+ "violationOwnerAssignmentConfig":
{
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a67"
- }
- ]
- },
- "rightCriteria": {
- "name": "money-out",
- "criteriaList": [
- {
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a68"
+ "assignmentRule": "MANAGER",
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c91808568c529c60168cca6f90c1313",
+ "name": "Violation Owner Name",
+ },
},
+ "scheduled": true,
+ "type": "CONFLICTING_ACCESS_BASED",
+ "conflictingAccessCriteria":
{
- "type": "ENTITLEMENT",
- "id": "2c9180866166b5b0016167c32ef31a69"
- }
- ]
- }
- }
- },
- {
- "description": "Description",
- "ownerRef": {
- "type": "IDENTITY",
- "id": "2c918087682f9a86016839c05e8f1aff",
- "name": "Owner Name"
+ "leftCriteria":
+ {
+ "name": "money-in",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a66",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a67",
+ },
+ ],
+ },
+ "rightCriteria":
+ {
+ "name": "money-out",
+ "criteriaList":
+ [
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a68",
+ },
+ {
+ "type": "ENTITLEMENT",
+ "id": "2c9180866166b5b0016167c32ef31a69",
+ },
+ ],
+ },
+ },
+ },
+ {
+ "description": "Description",
+ "ownerRef":
+ {
+ "type": "IDENTITY",
+ "id": "2c918087682f9a86016839c05e8f1aff",
+ "name": "Owner Name",
+ },
+ "externalPolicyReference": "New policy",
+ "policyQuery": "policy query implementation",
+ "compensatingControls": "Compensating controls",
+ "correctionAdvice": "Correction advice",
+ "tags": [],
+ "state": "ENFORCED",
+ "scheduled": false,
+ "creatorId": "2c918087682f9a86016839c05e8f1aff",
+ "modifierId": null,
+ "violationOwnerAssignmentConfig": null,
+ "type": "GENERAL",
+ "conflictingAccessCriteria": null,
+ "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
+ "name": "General-Policy-Name",
+ "created": "2020-05-12T19:47:38Z",
+ "modified": "2020-05-12T19:47:38Z",
},
- "externalPolicyReference": "New policy",
- "policyQuery": "policy query implementation",
- "compensatingControls": "Compensating controls",
- "correctionAdvice": "Correction advice",
- "tags": [],
- "state": "ENFORCED",
- "scheduled": false,
- "creatorId": "2c918087682f9a86016839c05e8f1aff",
- "modifierId": null,
- "violationOwnerAssignmentConfig": null,
- "type": "GENERAL",
- "conflictingAccessCriteria": null,
- "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
- "name": "General-Policy-Name",
- "created": "2020-05-12T19:47:38Z",
- "modified": "2020-05-12T19:47:38Z"
- }
]
- '400':
- $ref: '../../v3/responses/400.yaml'
- '401':
- $ref: '../../v3/responses/401.yaml'
- '403':
- $ref: '../../v3/responses/403.yaml'
- '429':
- $ref: '../../v3/responses/429.yaml'
- '500':
- $ref: '../../v3/responses/500.yaml'
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-get.yaml b/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-get.yaml
index 8951c0ff5..6e86d55dd 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-get.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-get.yaml
@@ -4,9 +4,11 @@ get:
- Auth Support Login
summary: Get an access granter support login record by granter tenant
description: >-
- Fetch the auth support login record associated with the tenant requesting support (i.e., the tenant requesting support). To be invoked by the authTenant.
-
- Request will require the following security scope:
+ Fetch the auth support login record associated with the tenant requesting
+ support (i.e., the tenant requesting support). To be invoked by the
+ authTenant.
+
+ Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- in: path
@@ -18,19 +20,19 @@ get:
type: string
responses:
- '200':
+ "200":
description: access granter support login response.
content:
application/json:
schema:
- $ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-list.yaml b/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-list.yaml
index f8439b139..e7555961e 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-list.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-list.yaml
@@ -4,46 +4,51 @@ get:
- Auth Support Login
summary: List access granter support login records
description: >-
- Fetch the list of auth support login records that grant access to the auth tenant (i.e., the tenant providing support). To be invoked by the authTenant.
-
- Request will require the following security scope:
- **sp:auth-support-login:read**
+ Fetch the list of auth support login records that grant access to the auth
+ tenant (i.e., the tenant providing support). To be invoked by the
+ authTenant. Request will require the following security scope:
+ **sp:auth-support-login:read**
parameters:
- - $ref: '../../../v3/parameters/limit.yaml'
- - $ref: '../../../v3/parameters/offset.yaml'
- - $ref: '../../../v3/parameters/count.yaml'
+ - $ref: "../../../v3/parameters/limit.yaml"
+ - $ref: "../../../v3/parameters/offset.yaml"
+ - $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
- Sorting is supported for the following fields: **accessGranterTenant, authUserName, role, expirationDate**
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **accessGranterTenant,
+ authUserName, role, expirationDate**
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **accessGranterTenant**: *eq, co, sw*
- *Example:* accessGranterTenant eq "acme-solar", accessGranterTenant co "solar"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **accessGranterTenant**: *eq, co, sw* *Example:* accessGranterTenant eq
+ "acme-solar", accessGranterTenant co "solar"
responses:
- '200':
+ "200":
description: list of access granter support login responses.
content:
application/json:
schema:
type: array
items:
- $ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-create.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-create.yaml
index 65568acf9..ae5765cd5 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-create.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-create.yaml
@@ -3,32 +3,33 @@ tags:
- Auth Support Login
summary: Create auth support login record
description: >-
- This request will create an auth support login record allowing the authTenant to be able to login as a support user into the tenant requesting support.
-
- Request will require the following security scope:
+ This request will create an auth support login record allowing the authTenant
+ to be able to login as a support user into the tenant requesting support.
+
+ Request will require the following security scope:
**sp:auth-support-login:create**
-
+
requestBody:
description: Auth support login creation request body.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportLoginRequest.yaml'
+ $ref: "../../schemas/AuthSupportLoginRequest.yaml"
responses:
- '200':
+ "200":
description: Created auth support login record.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-delete.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-delete.yaml
index a746d125f..dd296a1c1 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-delete.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-delete.yaml
@@ -3,10 +3,8 @@ tags:
- Auth Support Login
summary: Delete auth support login record by auth tenant
description: >-
- This request will delete an auth support login record.
-
- Request will require the following security scope:
- **sp:auth-support-login:delete**
+ This request will delete an auth support login record. Request will require
+ the following security scope: **sp:auth-support-login:delete**
parameters:
- in: path
name: authTenant
@@ -16,15 +14,15 @@ parameters:
schema:
type: string
responses:
- '204':
- $ref: '../../../v3/responses/204.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ "204":
+ $ref: "../../../v3/responses/204.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-get.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-get.yaml
index 27d409221..544be6824 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-get.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-get.yaml
@@ -3,11 +3,11 @@ tags:
- Auth Support Login
summary: Get auth support login record by auth tenant
description: >-
- Fetch an auth support login record by an authorized auth tenant.
-
- Request will require the following security scope:
+ Fetch an auth support login record by an authorized auth tenant.
+
+ Request will require the following security scope:
**sp:auth-support-login:read**
-
+
parameters:
- in: path
name: authTenant
@@ -17,19 +17,19 @@ parameters:
schema:
type: string
responses:
- '200':
+ "200":
description: auth support login response.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-list.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-list.yaml
index 7f143328b..e0e00d44c 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-list.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-list.yaml
@@ -3,45 +3,49 @@ tags:
- Auth Support Login
summary: List auth support login records
description: >-
- Fetch list of auth support login records that the tenant has granted access to.
-
- Request will require the following security scope:
+ Fetch list of auth support login records that the tenant has granted access
+ to. Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- - $ref: '../../../v3/parameters/limit.yaml'
- - $ref: '../../../v3/parameters/offset.yaml'
- - $ref: '../../../v3/parameters/count.yaml'
+ - $ref: "../../../v3/parameters/limit.yaml"
+ - $ref: "../../../v3/parameters/offset.yaml"
+ - $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
- Sorting is supported for the following fields: **authTenant, authUserName, role, expirationDate**
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sorting is supported for the following fields: **authTenant, authUserName,
+ role, expirationDate**
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **authTenant**: *eq, sw*
- *Example:* authTenant eq "sailpoint", accessGranterTenant sw "sail"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint",
+ accessGranterTenant sw "sail"
responses:
- '200':
+ "200":
description: list of auth support login responses.
content:
application/json:
schema:
type: array
items:
- $ref: '../../schemas/AuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-patch.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-patch.yaml
index a1cd1018e..e9069469b 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-patch.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-patch.yaml
@@ -3,11 +3,9 @@ tags:
- Auth Support Login
summary: Patch auth support login record by auth tenant
description: >-
- This request will patch an auth support login record.
- Patchable fields: **expirationDate**
-
- Request will require the following security scope:
- **sp:auth-support-login:update**
+ This request will patch an auth support login record. Patchable fields:
+ **expirationDate** Request will require the following security
+ scope: **sp:auth-support-login:update**
parameters:
- in: path
name: authTenant
@@ -17,32 +15,34 @@ parameters:
schema:
type: string
requestBody:
- description: A list of auth support login update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
+ description:
+ A list of auth support login update operations according to the [JSON
+ Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true
content:
application/json-patch+json:
schema:
type: array
items:
- $ref: '../../schemas/JsonPatchOperation.yaml'
+ $ref: "../../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/expirationDate"
value: "2030-08-23T18:00:00.000Z"
responses:
- '200':
+ "200":
description: Updated auth support login record.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportLoginResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportLoginResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-get.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-get.yaml
index 3ec7f1dcb..8b7297ca0 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-get.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-get.yaml
@@ -3,9 +3,9 @@ tags:
- Auth Support Login
summary: Get auth support transfer status record by tenant
description: >-
- Fetches an auth support transfer status record by tenant.
-
- This request requires the following security scope:
+ Fetches an auth support transfer status record by tenant.
+
+ This request requires the following security scope:
**sp:auth-support-login-transfer:read**
parameters:
- in: path
@@ -16,19 +16,22 @@ parameters:
schema:
type: string
responses:
- '200':
- description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet.
+ "200":
+ description:
+ Response containing the name of the tenant associated with an auth support
+ login access grant and an indication whether that tenant has been
+ transferred yet.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-post.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-post.yaml
index ecc6794cc..721b9fbdc 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-post.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-post.yaml
@@ -3,10 +3,11 @@ tags:
- Auth Support Login
summary: Transfer auth support login grant
description: >-
- Transfers an auth support login access grant for the specified tenant by setting the transferred field in the
- tenant's auth support transfer status record to "true" and deleting the tenant's initial auth support login record.
-
- This request requires the following security scope:
+ Transfers an auth support login access grant for the specified tenant by
+ setting the transferred field in the tenant's auth support transfer status
+ record to "true" and deleting the tenant's initial auth support login record.
+
+ This request requires the following security scope:
**sp:auth-support-login-transfer:update**
parameters:
- in: path
@@ -17,21 +18,24 @@ parameters:
schema:
type: string
responses:
- '200':
- description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet.
+ "200":
+ description:
+ Response containing the name of the tenant associated with an auth support
+ login access grant and an indication whether that tenant has been
+ transferred yet.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfers-list.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfers-list.yaml
index 65669d811..7a99f62b7 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfers-list.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfers-list.yaml
@@ -4,45 +4,47 @@ get:
- Auth Support Login
summary: List auth support transfer status records
description: >-
- Fetches a list of auth support transfer status records that indicate whether an auth support login has been transferred.
-
- This request requires the following security scope:
- **sp:auth-support-login-transfer:read**
+ Fetches a list of auth support transfer status records that indicate whether
+ an auth support login has been transferred. This request requires the
+ following security scope: **sp:auth-support-login-transfer:read**
parameters:
- - $ref: '../../../v3/parameters/limit.yaml'
- - $ref: '../../../v3/parameters/offset.yaml'
- - $ref: '../../../v3/parameters/count.yaml'
+ - $ref: "../../../v3/parameters/limit.yaml"
+ - $ref: "../../../v3/parameters/offset.yaml"
+ - $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **tenant**
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **transferred**: *eq*
- *Example:* transferred eq false, transferred eq 0
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **transferred**: *eq* *Example:* transferred eq false, transferred eq 0
responses:
- '200':
+ "200":
description: list of auth support transfer status responses.
content:
application/json:
schema:
type: array
items:
- $ref: '../../schemas/AuthSupportTransferStatusResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-logins-migrate.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-logins-migrate.yaml
index 8d7265018..37da1deab 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-logins-migrate.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-logins-migrate.yaml
@@ -4,34 +4,37 @@ post:
- Auth Support Login
summary: Migrate auth support login records
description: >-
- Migrates all the auth support login access grants from the specified auth tenant to the new auth tenant in the
- request context, resulting in the new auth tenant having possession of all the old auth tenant's auth support
- login access grants and the old auth tenant no longer having any more auth support login access grants.
-
- Because this is a highly privileged operation meant only to be executable by SailPoint DevOps,
- this request requires the following security scope:
+ Migrates all the auth support login access grants from the specified auth
+ tenant to the new auth tenant in the request context, resulting in the new
+ auth tenant having possession of all the old auth tenant's auth support
+ login access grants and the old auth tenant no longer having any more auth
+ support login access grants.
+
+ Because this is a highly privileged operation meant only to be executable by
+ SailPoint DevOps, this request requires the following security scope:
**sp:auth-support-login-transfer:update**
parameters:
- in: path
name: oldAuthTenant
description: >-
- The name of auth tenant whose auth support login access grants will be migrated to the calling auth tenant
+ The name of auth tenant whose auth support login access grants will be
+ migrated to the calling auth tenant
example: acme-solar
required: true
schema:
type: string
responses:
- '202':
- $ref: '../../../v3/responses/202.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ "202":
+ $ref: "../../../v3/responses/202.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-create.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-create.yaml
index 285a2024e..5ffe5d412 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-create.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-create.yaml
@@ -3,36 +3,38 @@ tags:
- Auth Support Login
summary: Create auth support tenant record
description: >-
- This request will create an auth support tenant record for the tenant making the call, making that tenant the auth
- tenant in the new record. This new record will function as a prerequisite metadata reference for when a target tenant
- attempts to create an auth support login record that grants access to a particular auth tenant.
- Thus, a target tenant must name an auth tenant that exists within an auth support tenant record in order to
- successfully create an auth support login record.
-
- Request will require the following security scope:
+ This request will create an auth support tenant record for the tenant making
+ the call, making that tenant the auth tenant in the new record. This new
+ record will function as a prerequisite metadata reference for when a target
+ tenant attempts to create an auth support login record that grants access to a
+ particular auth tenant. Thus, a target tenant must name an auth tenant that
+ exists within an auth support tenant record in order to successfully create an
+ auth support login record.
+
+ Request will require the following security scope:
**sp:auth-support-login:create**
-
+
requestBody:
description: Auth support tenant creation request body.
required: true
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportTenantRequest.yaml'
+ $ref: "../../schemas/AuthSupportTenantRequest.yaml"
responses:
- '200':
+ "200":
description: Created auth support tenant record.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportTenantResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportTenantResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-delete.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-delete.yaml
index bda29ca21..d217003ad 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-delete.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-delete.yaml
@@ -3,18 +3,17 @@ tags:
- Auth Support Login
summary: Delete all auth support tenant records for this tenant
description: >-
- This request will delete all auth support tenant records related to the requesting tenant.
-
- Request will require the following security scope:
- **sp:auth-support-login:delete**
+ This request will delete all auth support tenant records related to the
+ requesting tenant. Request will require the following security scope:
+ **sp:auth-support-login:delete**
responses:
- '204':
- $ref: '../../../v3/responses/204.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '404':
- $ref: '../../../v3/responses/404.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ "204":
+ $ref: "../../../v3/responses/204.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "404":
+ $ref: "../../../v3/responses/404.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-list.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-list.yaml
index b9e0d5bd0..9477d6c3c 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-list.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-list.yaml
@@ -3,45 +3,48 @@ tags:
- Auth Support Login
summary: List auth support tenant records
description: >-
- Fetch list of auth support tenant records that can be used as authTenant.
-
- Request will require the following security scope:
+ Fetch list of auth support tenant records that can be used as authTenant.
+ Request will require the following security scope:
**sp:auth-support-login:read**
parameters:
- - $ref: '../../../v3/parameters/limit.yaml'
- - $ref: '../../../v3/parameters/offset.yaml'
- - $ref: '../../../v3/parameters/count.yaml'
+ - $ref: "../../../v3/parameters/limit.yaml"
+ - $ref: "../../../v3/parameters/offset.yaml"
+ - $ref: "../../../v3/parameters/count.yaml"
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **authTenant**
- in: query
name: filters
schema:
type: string
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
- Filtering is supported for the following fields and operators:
- **authTenant**: *eq, sw*
- *Example:* authTenant eq "sailpoint", authTenant sw "sail"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
+ Filtering is supported for the following fields and operators:
+ **authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint", authTenant
+ sw "sail"
responses:
- '200':
+ "200":
description: list of auth support tenant responses.
content:
application/json:
schema:
type: array
items:
- $ref: '../../schemas/AuthSupportTenantResponse.yaml'
- '400':
- $ref: '../../../v3/responses/400.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportTenantResponse.yaml"
+ "400":
+ $ref: "../../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/paths/supportlogin/auth-support-user-eligibility-get.yaml b/static/api-specs/idn/beta/paths/supportlogin/auth-support-user-eligibility-get.yaml
index 3c8765303..e122baadc 100644
--- a/static/api-specs/idn/beta/paths/supportlogin/auth-support-user-eligibility-get.yaml
+++ b/static/api-specs/idn/beta/paths/supportlogin/auth-support-user-eligibility-get.yaml
@@ -4,22 +4,26 @@ get:
- Auth Support Login
summary: Get a user's eligibility for support and services login
description: >-
- Fetch the auth support tenant record(s) associated with this user's tenant and check to see if the user belongs
- to any access roles allowed for performing support and services login
-
- Request requires an authenticated user, but no specific scope is required for analysis of user eligibility.
+ Fetch the auth support tenant record(s) associated with this user's tenant
+ and check to see if the user belongs to any access roles allowed for
+ performing support and services login
+
+ Request requires an authenticated user, but no specific scope is required
+ for analysis of user eligibility.
responses:
- '200':
- description: Response containing a determination of whether or not the logged-in user is eligible to provide support to customers.
+ "200":
+ description:
+ Response containing a determination of whether or not the logged-in user
+ is eligible to provide support to customers.
content:
application/json:
schema:
- $ref: '../../schemas/AuthSupportUserEligibilityResponse.yaml'
- '401':
- $ref: '../../../v3/responses/401.yaml'
- '403':
- $ref: '../../../v3/responses/403.yaml'
- '429':
- $ref: '../../../v3/responses/429.yaml'
- '500':
- $ref: '../../../v3/responses/500.yaml'
+ $ref: "../../schemas/AuthSupportUserEligibilityResponse.yaml"
+ "401":
+ $ref: "../../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../../v3/responses/500.yaml"
diff --git a/static/api-specs/idn/beta/schemas/TemplateDto.yaml b/static/api-specs/idn/beta/schemas/TemplateDto.yaml
index f6ec85b9d..2a04a3b82 100644
--- a/static/api-specs/idn/beta/schemas/TemplateDto.yaml
+++ b/static/api-specs/idn/beta/schemas/TemplateDto.yaml
@@ -22,16 +22,18 @@ properties:
example: "en"
subject:
type: string
- example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}."
+ example:
+ "You have $numberOfPendingTasks $taskTasks to complete in
+ ${__global.productName}."
header:
type: string
- example: "Dear $__recipient.name,
"
+ example: "Dear $__recipient.name,"
body:
type: string
example: "Please go to the task manager"
footer:
type: string
- example: "
Thanks,
The $__global.productName Team
"
+ example: "Thanks, The $__global.productName Team"
from:
type: string
example: "$__global.emailFromAddress"
@@ -40,7 +42,8 @@ properties:
example: "$__global.emailFromAddress"
description:
type: string
- example: "Daily digest - sent if number of outstanding tasks for task owner > 0"
+ example:
+ "Daily digest - sent if number of outstanding tasks for task owner > 0"
id:
type: string
example: "c17bea3a-574d-453c-9e04-4365fbf5af0b"
@@ -53,9 +56,10 @@ properties:
modified:
type: string
format: date-time
- description: The time when this template was last modified. This is auto-generated.
+ description:
+ The time when this template was last modified. This is auto-generated.
example: "2020-01-01T00:00:00.000000Z"
required:
- key
- medium
- - locale
\ No newline at end of file
+ - locale
diff --git a/static/api-specs/idn/beta/schemas/TemplateDtoDefault.yaml b/static/api-specs/idn/beta/schemas/TemplateDtoDefault.yaml
index ce429f75f..46db290df 100644
--- a/static/api-specs/idn/beta/schemas/TemplateDtoDefault.yaml
+++ b/static/api-specs/idn/beta/schemas/TemplateDtoDefault.yaml
@@ -22,16 +22,18 @@ properties:
example: "en"
subject:
type: string
- example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}."
+ example:
+ "You have $numberOfPendingTasks $taskTasks to complete in
+ ${__global.productName}."
header:
type: string
- example: "Dear $__recipient.name,
"
+ example: "Dear $__recipient.name,"
body:
type: string
example: "Please go to the task manager"
footer:
type: string
- example: "
Thanks,
The $__global.productName Team
"
+ example: "Thanks, The $__global.productName Team"
from:
type: string
example: "$__global.emailFromAddress"
@@ -40,4 +42,5 @@ properties:
example: "$__global.emailFromAddress"
description:
type: string
- example: "Daily digest - sent if number of outstanding tasks for task owner > 0"
\ No newline at end of file
+ example:
+ "Daily digest - sent if number of outstanding tasks for task owner > 0"
diff --git a/static/api-specs/idn/v3/paths/non-employee-approval-list.yaml b/static/api-specs/idn/v3/paths/non-employee-approval-list.yaml
index 7fb46e1a2..f640480fb 100644
--- a/static/api-specs/idn/v3/paths/non-employee-approval-list.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-approval-list.yaml
@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get List of Non-Employee Approval Requests
description: >-
- This gets a list of non-employee approval requests.
+ This gets a list of non-employee approval requests.
- There are two contextual uses for this endpoint:
+ There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
- can list the approvals for any approver.
+ can list the approvals for any approver.
2. The user owns the requested approval.
parameters:
- in: query
@@ -32,10 +32,9 @@ get:
description: >-
Filter results using the standard syntax described in [V3 API Standard
Collection
- Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
- Filtering is supported for the following fields and operators:
- **approvalStatus**: *eq*
*Example:* approvalStatus eq
- "PENDING"
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
+ Filtering is supported for the following fields and operators:
+ **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
example: approvalStatus eq "Pending"
required: false
- in: query
@@ -46,7 +45,7 @@ get:
description: >-
Sort results using the standard syntax described in [V3 API Standard
Collection
- Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, modified**
required: false
example: created
diff --git a/static/api-specs/idn/v3/paths/non-employee-approval-summary.yaml b/static/api-specs/idn/v3/paths/non-employee-approval-summary.yaml
index 7403692df..04568d6ee 100644
--- a/static/api-specs/idn/v3/paths/non-employee-approval-summary.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-approval-summary.yaml
@@ -6,12 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests
description: >-
- This request will retrieve a summary of non-employee approval
- requests.
There are two contextual uses for the `requested-for` path
- parameter:
+ This request will retrieve a summary of non-employee approval requests.
+ There are two contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to
- a particular approver by passing in that approver's id.
+ a particular approver by passing in that approver's id.
2. The current user is an approver, in which case "me" should be provided
as the `requested-for` value. This will provide the approver with a summary
of the approval items assigned to him or her.
diff --git a/static/api-specs/idn/v3/paths/non-employee-approve-get.yaml b/static/api-specs/idn/v3/paths/non-employee-approve-get.yaml
index 911c5d88b..2f1bf2ed8 100644
--- a/static/api-specs/idn/v3/paths/non-employee-approve-get.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-approve-get.yaml
@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail
description: >-
- Gets a non-employee approval item detail.
There are two contextual
- uses for this endpoint:
+ Gets a non-employee approval item detail. There are two contextual uses for
+ this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they
- can get any approval.
+ can get any approval.
2. The user owns the requested approval.
parameters:
- in: path
diff --git a/static/api-specs/idn/v3/paths/non-employee-approve-request.yaml b/static/api-specs/idn/v3/paths/non-employee-approve-request.yaml
index 1c74ebd30..1ed414af2 100644
--- a/static/api-specs/idn/v3/paths/non-employee-approve-request.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-approve-request.yaml
@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Approve a Non-Employee Request
description: >-
- Approves a non-employee approval request and notifies the next
- approver.
The current user must be the requested approver.
+ Approves a non-employee approval request and notifies the next approver. The
+ current user must be the requested approver.
parameters:
- in: path
name: id
diff --git a/static/api-specs/idn/v3/paths/non-employee-bulk-upload-jobs-fail.yaml b/static/api-specs/idn/v3/paths/non-employee-bulk-upload-jobs-fail.yaml
index abc3d2c86..c60129db6 100644
--- a/static/api-specs/idn/v3/paths/non-employee-bulk-upload-jobs-fail.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-bulk-upload-jobs-fail.yaml
@@ -7,16 +7,16 @@ post:
summary: Fail Bulk Upload
description: |
This API does not stop the job. It flags the job as failed. The job continues to run if it was
- running when the API was invoked.
+ running when the API was invoked.
Before you submit this request, verify the transaction is actually failed in Kibana. When
- the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed.
+ the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed.
Important: This API does not stop the job, it flags the job as failed. The job continues to run if
the it was running when the API was invoked. If invoked while the transaction is still running,
- other jobs are allowed to start but the second job to start will fail.
+ other jobs are allowed to start but the second job to start will fail.
- Requires role context of `idn:nesr:update`.
+ Requires role context of `idn:nesr:update`.
This is for internal use only.
parameters:
diff --git a/static/api-specs/idn/v3/paths/non-employee-record.yaml b/static/api-specs/idn/v3/paths/non-employee-record.yaml
index cfc38908d..8c075b0a3 100644
--- a/static/api-specs/idn/v3/paths/non-employee-record.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-record.yaml
@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Record
description: >-
- This gets a non-employee record.
+ This gets a non-employee record.
Requires role context of `idn:nesr:read`
parameters:
@@ -43,10 +43,10 @@ put:
- Non-Employee Lifecycle Management
summary: Update Non-Employee Record
description: >-
- This request will update a non-employee record.
There are two
- contextual uses for this endpoint:
+ This request will update a non-employee record. There are two contextual
+ uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
- update all available fields.
+ update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
@@ -95,10 +95,10 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch Non-Employee Record
description: >-
- This request will patch a non-employee record.
There are two
- contextual uses for this endpoint:
+ This request will patch a non-employee record. There are two contextual uses
+ for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they
- update all available fields.
+ update all available fields.
2. The user is owner of the source, in this case they can only update the
end date.
parameters:
@@ -154,7 +154,7 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Record
description: >-
- This request will delete a non-employee record.
+ This request will delete a non-employee record.
Requires role context of `idn:nesr:delete`
parameters:
diff --git a/static/api-specs/idn/v3/paths/non-employee-records-bulk-delete.yaml b/static/api-specs/idn/v3/paths/non-employee-records-bulk-delete.yaml
index 73f2afa53..74f7486de 100644
--- a/static/api-specs/idn/v3/paths/non-employee-records-bulk-delete.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-records-bulk-delete.yaml
@@ -7,8 +7,7 @@ post:
summary: Delete Multiple Non-Employee Records
description: >-
This request will delete multiple non-employee records based on the
- non-employee ids provided.
Requires role context of
- `idn:nesr:delete`
+ non-employee ids provided. Requires role context of `idn:nesr:delete`
requestBody:
description: Non-Employee bulk delete request body.
required: true
@@ -23,7 +22,7 @@ post:
items:
type: string
format: uuid
- example:
+ example:
- 2b838de9-db9b-abcf-e646-d4f274ad4238
- 2d838de9-db9b-abcf-e646-d4f274ad4238
required:
diff --git a/static/api-specs/idn/v3/paths/non-employee-records.yaml b/static/api-specs/idn/v3/paths/non-employee-records.yaml
index 064f0a5c8..ec0bb4d5a 100644
--- a/static/api-specs/idn/v3/paths/non-employee-records.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-records.yaml
@@ -6,33 +6,33 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Record
description: >-
- This request will create a non-employee record.
+ This request will create a non-employee record.
- Requires role context of `idn:nesr:create`
+ Requires role context of `idn:nesr:create`
requestBody:
description: Non-Employee record creation request body.
required: true
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeRequestBody.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeRequestBody.yaml"
responses:
- '200':
+ "200":
description: Created non-employee record.
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeRecord.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
get:
operationId: nonEmployeeRecordList
security:
@@ -41,14 +41,16 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Records
description: >-
- This gets a list of non-employee records.
- There are two contextual uses for this endpoint:
- 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.
- 2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
+ This gets a list of non-employee records. There are two contextual uses for
+ this endpoint:
+ 1. The user has the role context of `idn:nesr:read`, in which case they
+ can get a list of all of the non-employees.
+ 2. The user is an account manager, in which case they can get a list of
+ the non-employees that they manage.
parameters:
- - $ref: '../parameters/limit.yaml'
- - $ref: '../parameters/offset.yaml'
- - $ref: '../parameters/count.yaml'
+ - $ref: "../parameters/limit.yaml"
+ - $ref: "../parameters/offset.yaml"
+ - $ref: "../parameters/count.yaml"
- in: query
name: sorters
required: false
@@ -57,8 +59,12 @@ get:
format: comma-separated
example: accountName,sourceId
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
- Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
+ Sorting is supported for the following fields: **id, accountName,
+ sourceId, manager, firstName, lastName, email, phone, startDate,
+ endDate, created, modified**
- in: query
name: filters
required: false
@@ -66,26 +72,28 @@ get:
type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >-
- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
- Filtering is supported for the following fields and operators:
- **sourceId**: *eq*
- *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"
+ Filter results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
+ Filtering is supported for the following fields and operators:
+ **sourceId**: *eq* *Example:* sourceId eq
+ "2c91808568c529c60168cca6f90c1313"
responses:
- '200':
+ "200":
description: Non-Employee record objects
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/non-employee/NonEmployeeRecord.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/non-employee-reject-request.yaml b/static/api-specs/idn/v3/paths/non-employee-reject-request.yaml
index 8e9ba7eea..8fa95bc23 100644
--- a/static/api-specs/idn/v3/paths/non-employee-reject-request.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-reject-request.yaml
@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Reject a Non-Employee Request
description: >-
- This endpoint will reject an approval item request and notify user.
- The current user must be the requested approver.
+ This endpoint will reject an approval item request and notify user. The
+ current user must be the requested approver.
parameters:
- in: path
name: id
diff --git a/static/api-specs/idn/v3/paths/non-employee-request-summary-get.yaml b/static/api-specs/idn/v3/paths/non-employee-request-summary-get.yaml
index 4ad724189..e3d005c7d 100644
--- a/static/api-specs/idn/v3/paths/non-employee-request-summary-get.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-request-summary-get.yaml
@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests
description: >-
- This request will retrieve a summary of non-employee requests.
There
- are two contextual uses for the `requested-for` path parameter:
+ This request will retrieve a summary of non-employee requests. There are two
+ contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to
- a particular account manager by passing in that manager's id.
+ a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
summary of the non-employee requests in the source(s) he or she manages.
diff --git a/static/api-specs/idn/v3/paths/non-employee-request.yaml b/static/api-specs/idn/v3/paths/non-employee-request.yaml
index bc17f8a5c..0a6f1b0c5 100644
--- a/static/api-specs/idn/v3/paths/non-employee-request.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-request.yaml
@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Request
description: >-
- This gets a non-employee request.
+ This gets a non-employee request.
- There are two contextual uses for this endpoint:
+ There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in this case the user
- can get the non-employee request for any user.
+ can get the non-employee request for any user.
2. The user must be the owner of the non-employee request.
parameters:
- in: path
@@ -48,7 +48,7 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Request
description: >-
- This request will delete a non-employee request.
+ This request will delete a non-employee request.
Requires role context of `idn:nesr:delete`
parameters:
diff --git a/static/api-specs/idn/v3/paths/non-employee-requests.yaml b/static/api-specs/idn/v3/paths/non-employee-requests.yaml
index e712481b6..650f6e314 100644
--- a/static/api-specs/idn/v3/paths/non-employee-requests.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-requests.yaml
@@ -6,9 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Request
description: >-
- This request will create a non-employee request and notify the
- approver.
Requires role context of `idn:nesr:create` or the user
- must own the source.
+ This request will create a non-employee request and notify the approver.
+ Requires role context of `idn:nesr:create` or the user must own the source.
requestBody:
description: Non-Employee creation request body
required: true
@@ -66,11 +65,11 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Requests
description: >-
- This gets a list of non-employee requests.
There are two contextual
- uses for the `requested-for` path parameter:
+ This gets a list of non-employee requests. There are two contextual uses for
+ the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list non-employee requests assigned to a particular
- account manager by passing in that manager's id.
+ account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
list of the non-employee requests in the source(s) he or she manages.
@@ -97,7 +96,7 @@ get:
description: >-
Sort results using the standard syntax described in [V3 API Standard
Collection
- Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created,
approvalStatus, firstName, lastName, email, phone, accountName,
startDate, endDate**
@@ -110,9 +109,9 @@ get:
description: >-
Filter results using the standard syntax described in [V3 API Standard
Collection
- Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
- Filtering is supported for the following fields and operators:
- **sourceId**: *eq*
*Example:* sourceId eq
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
+ Filtering is supported for the following fields and operators:
+ **sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses:
"200":
diff --git a/static/api-specs/idn/v3/paths/non-employee-source-aggregate.yaml b/static/api-specs/idn/v3/paths/non-employee-source-aggregate.yaml
index a98f0f264..8a47beabf 100644
--- a/static/api-specs/idn/v3/paths/non-employee-source-aggregate.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-source-aggregate.yaml
@@ -7,7 +7,7 @@ post:
summary: Aggregate all accounts for a Non-Employee Source
description: >-
This fetches all the non-employee records related to a non-employee source
- and publishes an aggregation event for each one.
+ and publishes an aggregation event for each one.
Requires auth scope of 'idn:nesr:create'
parameters:
diff --git a/static/api-specs/idn/v3/paths/non-employee-source.yaml b/static/api-specs/idn/v3/paths/non-employee-source.yaml
index 7a938f5f3..655b0a2e6 100644
--- a/static/api-specs/idn/v3/paths/non-employee-source.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-source.yaml
@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management
summary: Get a Non-Employee Source
description: >-
- This gets a non-employee source.
There are two contextual uses for
- the requested-for path parameter:
+ This gets a non-employee source. There are two contextual uses for the
+ requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or
- she may request any source.
+ she may request any source.
2. The current user is an account manager, in which case the user can only
request sources that they own.
parameters:
@@ -46,8 +46,8 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source
description: >-
- patch a non-employee source. (partial update)
Patchable field: **name,
- description, approvers, accountManagers**
Requires role context of
+ patch a non-employee source. (partial update) Patchable field: **name,
+ description, approvers, accountManagers** Requires role context of
`idn:nesr:update`.
parameters:
- in: path
@@ -105,8 +105,8 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete Non-Employee Source
description: >-
- This request will delete a non-employee source.
Requires role
- context of `idn:nesr:delete`.
+ This request will delete a non-employee source. Requires role context of
+ `idn:nesr:delete`.
parameters:
- in: path
name: sourceId
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-details.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-details.yaml
index 89e0d6a8e..6efa9fef6 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-details.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-details.yaml
@@ -6,9 +6,9 @@ get:
- Non-Employee Lifecycle Management
summary: Details of bulk upload job on source
description: |
- This API returns the details of the newest bulk upload job for the specified source.
+ This API returns the details of the newest bulk upload job for the specified source.
- Requires role context of `idn:nesr:read`
+ Requires role context of `idn:nesr:read`
This is for internal use only.
parameters:
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-non-employees.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-non-employees.yaml
index db085b980..eb5713226 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-non-employees.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-non-employees.yaml
@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management
summary: Imports, or Updates, Non-Employee Records
description: >-
- This post will import, or update, Non-Employee records found in the
- CSV.
Requires role context of `idn:nesr:create`
+ This post will import, or update, Non-Employee records found in the CSV.
+ Requires role context of `idn:nesr:create`
parameters:
- in: path
name: id
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-status.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-status.yaml
index 165c48cad..9c5394e58 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-status.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-status.yaml
@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management
summary: Obtain the status of bulk upload on the source
description: |
- The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
+ The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`
parameters:
- in: path
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-export-non-employees.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-export-non-employees.yaml
index 8d3d2d857..89c05ac99 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-export-non-employees.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-export-non-employees.yaml
@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management
summary: Exports Non-Employee Records to CSV
description: >-
- This requests a CSV download for all non-employees from a provided
- source.
Requires role context of `idn:nesr:read`
+ This requests a CSV download for all non-employees from a provided source.
+ Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-export-schema-attributes-template.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-export-schema-attributes-template.yaml
index 4faed314e..ea8264b23 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-export-schema-attributes-template.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-export-schema-attributes-template.yaml
@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management
summary: Exports Source Schema Template
description: >-
- This requests a download for the Source Schema Template for a provided source.
- Requires role context of `idn:nesr:read`
+ This requests a download for the Source Schema Template for a provided
+ source. Requires role context of `idn:nesr:read`
parameters:
- in: path
name: id
@@ -18,21 +18,21 @@ get:
schema:
type: string
responses:
- '200':
+ "200":
description: Exported Source Schema Template
content:
text/csv:
example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '404':
- $ref: '../responses/404.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "404":
+ $ref: "../responses/404.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-schema-attribute.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-schema-attribute.yaml
index a39151781..9cbc9b459 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-schema-attribute.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-schema-attribute.yaml
@@ -6,8 +6,9 @@ get:
- Non-Employee Lifecycle Management
summary: Get Schema Attribute Non-Employee Source
description: >-
- This API gets a schema attribute by Id for the specified Non-Employee SourceId.
- Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
+ This API gets a schema attribute by Id for the specified Non-Employee
+ SourceId. Requires role context of `idn:nesr:read` or the user must be an
+ account manager of the source.
parameters:
- in: path
name: attributeId
@@ -24,22 +25,22 @@ get:
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
- '200':
+ "200":
description: The Schema Attribute
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
patch:
operationId: patchSchemaAttribute
# security:
@@ -48,7 +49,7 @@ patch:
- Non-Employee Lifecycle Management
summary: Patch a Schema Attribute for Non-Employee Source
description: |
- This end-point patches a specific schema attribute for a non-employee SourceId.
+ This end-point patches a specific schema attribute for a non-employee SourceId.
Requires role context of `idn:nesr:update`
parameters:
- in: path
@@ -66,38 +67,41 @@ patch:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
- description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
- The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'.
+ description:
+ A list of schema attribute update operations according to the [JSON
+ Patch](https://tools.ietf.org/html/rfc6902) standard. The following
+ properties are allowed for update ':' 'label', 'helpText', 'placeholder',
+ 'required'.
content:
application/json-patch+json:
schema:
type: array
items:
- $ref: '../schemas/JsonPatchOperation.yaml'
+ $ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/label"
value: { "new attribute label" }
required: true
responses:
- '200':
+ "200":
description: The Schema Attribute was successfully patched.
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '404':
- $ref: '../responses/404.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "404":
+ $ref: "../responses/404.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
delete:
operationId: deleteSchemaAttribute
# security:
@@ -105,8 +109,8 @@ delete:
tags:
- Non-Employee Lifecycle Management
summary: Delete a Schema Attribute for Non-Employee Source
- description: |
- This end-point deletes a specific schema attribute for a non-employee source.
+ description: |
+ This end-point deletes a specific schema attribute for a non-employee source.
Requires role context of `idn:nesr:delete`
parameters:
- in: path
@@ -124,16 +128,16 @@ delete:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
- '204':
- $ref: '../responses/204.yaml'
+ "204":
+ $ref: "../responses/204.yaml"
description: The Schema Attribute was successfully deleted.
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources-schema-attributes.yaml b/static/api-specs/idn/v3/paths/non-employee-sources-schema-attributes.yaml
index bbf059028..ff6fd0e81 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources-schema-attributes.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources-schema-attributes.yaml
@@ -5,12 +5,14 @@ get:
tags:
- Non-Employee Lifecycle Management
summary: List Schema Attributes Non-Employee Source
- description: This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8
- mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can
- add up to 10 custom attributes. This interface returns all the mandatory attributes followed by
- any custom attributes. At most, a total of 18 attributes will be returned.
-
- Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
+ description: This API gets the list of schema attributes for the specified
+ Non-Employee SourceId. There are 8 mandatory attributes added to each new
+ Non-Employee Source automatically. Additionaly, user can add up to 10 custom
+ attributes. This interface returns all the mandatory attributes followed by
+ any custom attributes. At most, a total of 18 attributes will be returned.
+
+ Requires role context of `idn:nesr:read` or the user must be an account
+ manager of the source.
parameters:
- in: path
name: sourceId
@@ -20,27 +22,27 @@ get:
example: ef38f94347e94562b5bb8424a56397d8
description: The Source id
responses:
- '200':
+ "200":
description: A list of Schema Attributes
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
maxItems: 18
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '404':
- $ref: '../responses/404.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "404":
+ $ref: "../responses/404.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
post:
operationId: createSchemaAttribute
# security:
@@ -49,10 +51,12 @@ post:
- Non-Employee Lifecycle Management
summary: Create a new Schema Attribute for Non-Employee Source
description: >-
- This API creates a new schema attribute for Non-Employee Source. The schema technical name must be
- unique in the source. Attempts to create a schema attribute with an existing name will result in a
- "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts
- to create more than 10 will result in a "400.1.4 Limit violation" response.
+ This API creates a new schema attribute for Non-Employee Source. The schema
+ technical name must be unique in the source. Attempts to create a schema
+ attribute with an existing name will result in a "400.1.409 Reference
+ conflict" response. At most, 10 custom attributes can be created per schema.
+ Attempts to create more than 10 will result in a "400.1.4 Limit violation"
+ response.
Requires role context of `idn:nesr:create`
parameters:
@@ -68,25 +72,25 @@ post:
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml"
responses:
- '200':
+ "200":
description: >-
Schema Attribute created.
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
delete:
operationId: deleteSchemaAttributes
# security:
@@ -95,8 +99,8 @@ delete:
- Non-Employee Lifecycle Management
summary: Delete all custom schema attributes for Non-Employee Source
description: >-
- This end-point deletes all custom schema attributes for a non-employee source.
- Requires role context of `idn:nesr:delete`
+ This end-point deletes all custom schema attributes for a non-employee
+ source. Requires role context of `idn:nesr:delete`
parameters:
- in: path
name: sourceId
@@ -106,16 +110,16 @@ delete:
description: The Source id
example: ef38f94347e94562b5bb8424a56397d8
responses:
- '204':
- $ref: '../responses/204.yaml'
+ "204":
+ $ref: "../responses/204.yaml"
description: All custon Schema Attributes were successfully deleted.
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
\ No newline at end of file
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/non-employee-sources.yaml b/static/api-specs/idn/v3/paths/non-employee-sources.yaml
index 58d40f49f..989dad096 100644
--- a/static/api-specs/idn/v3/paths/non-employee-sources.yaml
+++ b/static/api-specs/idn/v3/paths/non-employee-sources.yaml
@@ -6,32 +6,32 @@ post:
- Non-Employee Lifecycle Management
summary: Create Non-Employee Source
description: >-
- This request will create a non-employee source.
- Requires role context of `idn:nesr:create`
+ This request will create a non-employee source. Requires role context of
+ `idn:nesr:create`
requestBody:
description: Non-Employee source creation request body.
required: true
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSourceRequestBody.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSourceRequestBody.yaml"
responses:
- '200':
+ "200":
description: Created non-employee source.
content:
application/json:
schema:
- $ref: '../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
get:
operationId: nonEmployeeSourcesList
security:
@@ -40,14 +40,18 @@ get:
- Non-Employee Lifecycle Management
summary: List Non-Employee Sources
description: >-
- This gets a list of non-employee sources.
- There are two contextual uses for the requested-for path parameter:
- 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list sources assigned to a particular account manager by passing in that manager's id.
- 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns.
+ This gets a list of non-employee sources. There are two contextual uses for
+ the requested-for path parameter:
+ 1. The user has the role context of `idn:nesr:read`, in which case he or
+ she may request a list sources assigned to a particular account manager by
+ passing in that manager's id.
+ 2. The current user is an account manager, in which case "me" should be
+ provided as the `requested-for` value. This will provide the user with a
+ list of the sources that he or she owns.
parameters:
- - $ref: '../parameters/limit.yaml'
- - $ref: '../parameters/offset.yaml'
- - $ref: '../parameters/count.yaml'
+ - $ref: "../parameters/limit.yaml"
+ - $ref: "../parameters/offset.yaml"
+ - $ref: "../parameters/count.yaml"
- in: query
name: requested-for
required: true
@@ -55,7 +59,8 @@ get:
type: string
example: me
description: >-
- The identity for whom the request was made. *me* indicates the current user.
+ The identity for whom the request was made. *me* indicates the current
+ user.
- in: query
name: non-employee-count
required: false
@@ -63,7 +68,8 @@ get:
schema:
type: boolean
description: >-
- The flag to determine whether return a non-employee count associate with source.
+ The flag to determine whether return a non-employee count associate with
+ source.
- in: query
name: sorters
required: false
@@ -72,24 +78,26 @@ get:
format: comma-separated
example: "name,created"
description: >-
- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
+ Sort results using the standard syntax described in [V3 API Standard
+ Collection
+ Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **name, created**
responses:
- '200':
+ "200":
description: List of non-employee sources objects.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/non-employee/NonEmployeeSourceWithNECount.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
\ No newline at end of file
+ $ref: "../schemas/non-employee/NonEmployeeSourceWithNECount.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/personal-access-token.yaml b/static/api-specs/idn/v3/paths/personal-access-token.yaml
index c5d3cbdea..674b30f58 100644
--- a/static/api-specs/idn/v3/paths/personal-access-token.yaml
+++ b/static/api-specs/idn/v3/paths/personal-access-token.yaml
@@ -4,14 +4,13 @@ delete:
- Personal Access Tokens
summary: Delete Personal Access Token
description: >-
- This deletes a personal access token
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:delete
- - idn:all-personal-access-tokens:delete
- - idn:managed-personal-access-tokens:delete
-
+ This deletes a personal access token
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:delete
+ idn:all-personal-access-tokens:delete
+ idn:managed-personal-access-tokens:delete
+
parameters:
- in: path
name: id
@@ -21,17 +20,17 @@ delete:
description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8
responses:
- '204':
+ "204":
description: No content.
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '404':
- $ref: '../responses/404.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "404":
+ $ref: "../responses/404.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/paths/personal-access-tokens.yaml b/static/api-specs/idn/v3/paths/personal-access-tokens.yaml
index e22813b3e..88cfc630e 100644
--- a/static/api-specs/idn/v3/paths/personal-access-tokens.yaml
+++ b/static/api-specs/idn/v3/paths/personal-access-tokens.yaml
@@ -4,87 +4,92 @@ get:
- Personal Access Tokens
summary: List Personal Access Tokens
description: >-
- This gets a collection of personal access tokens associated with the optional owner-id.
- query parameter. If the owner-id query parameter is omitted, all personal access tokens
- for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:read
- - idn:all-personal-access-tokens:read
- - idn:managed-personal-access-tokens:read
-
+ This gets a collection of personal access tokens associated with the
+ optional owner-id. query parameter. If the owner-id query parameter is
+ omitted, all personal access tokens
+ for a tenant will be retrieved, but the caller must have the
+ 'idn:all-personal-access-tokens:read' right.
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:read
+ idn:all-personal-access-tokens:read
+ idn:managed-personal-access-tokens:read
+
parameters:
- in: query
name: owner-id
description: >-
- The identity ID of the owner whose personal access tokens should be listed.
- If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
-
- If an actual owner ID or if the owner-id parameter is omitted in the request,
- the caller should have the following right: 'idn:all-personal-access-tokens:read'.
-
- If the caller has the following right, then managed personal access tokens associated with owner-id
- will be retrieved: 'idn:managed-personal-access-tokens:read'
+ The identity ID of the owner whose personal access tokens should be
+ listed. If "me", the caller should have the following right:
+ 'idn:my-personal-access-tokens:read'
+
+ If an actual owner ID or if the owner-id parameter is omitted in the
+ request, the caller should have the following right:
+ 'idn:all-personal-access-tokens:read'.
+
+ If the caller has the following right, then managed personal access
+ tokens associated with owner-id will be retrieved:
+ 'idn:managed-personal-access-tokens:read'
required: false
schema:
type: string
default: null
example: 2c9180867b50d088017b554662fb281e
responses:
- '200':
+ "200":
description: List of personal access tokens.
content:
application/json:
schema:
type: array
items:
- $ref: '../schemas/GetPersonalAccessTokenResponse.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
post:
operationId: createPersonalAccessToken
tags:
- Personal Access Tokens
summary: Create Personal Access Token
description: >-
- This creates a personal access token.
-
- Any of the following rights are required to access this resource:
-
- - idn:my-personal-access-tokens:create
- - idn:all-personal-access-tokens:create
- - idn:managed-personal-access-tokens:create
-
+ This creates a personal access token.
+
+ Any of the following rights are required to access this resource:
+ idn:my-personal-access-tokens:create
+ idn:all-personal-access-tokens:create
+ idn:managed-personal-access-tokens:create
+
requestBody:
description: Name and scope of personal access token.
required: true
content:
application/json:
schema:
- $ref: '../schemas/CreatePersonalAccessTokenRequest.yaml'
+ $ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses:
- '200':
- description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.
+ "200":
+ description:
+ Created. Note - this is the only time Personal Access Tokens' secret
+ attribute will be displayed.
content:
application/json:
schema:
- $ref: '../schemas/CreatePersonalAccessTokenResponse.yaml'
- '400':
- $ref: '../responses/400.yaml'
- '401':
- $ref: '../responses/401.yaml'
- '403':
- $ref: '../responses/403.yaml'
- '429':
- $ref: '../responses/429.yaml'
- '500':
- $ref: '../responses/500.yaml'
+ $ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
+ "400":
+ $ref: "../responses/400.yaml"
+ "401":
+ $ref: "../responses/401.yaml"
+ "403":
+ $ref: "../responses/403.yaml"
+ "429":
+ $ref: "../responses/429.yaml"
+ "500":
+ $ref: "../responses/500.yaml"
diff --git a/static/api-specs/idn/v3/schemas/transforms/AccountAttribute.yaml b/static/api-specs/idn/v3/schemas/transforms/AccountAttribute.yaml
index 30069b928..a6cfa4bcb 100644
--- a/static/api-specs/idn/v3/schemas/transforms/AccountAttribute.yaml
+++ b/static/api-specs/idn/v3/schemas/transforms/AccountAttribute.yaml
@@ -1,8 +1,8 @@
title: accountAttribute
type: object
required:
-- sourceName
-- attributeName
+ - sourceName
+ - attributeName
properties:
sourceName:
type: string
@@ -10,46 +10,60 @@ properties:
example: Workday
attributeName:
type: string
- description: The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.
+ description:
+ The name of the attribute on the account to return. This should match the
+ name of the account attribute name visible in the user interface, or on
+ the source schema.
example: DEPARTMENT
- accountSortAttribute:
+ accountSortAttribute:
type: string
- description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
+ description:
+ The value of this configuration is a string name of the attribute to use
+ when determining the ordering of returned accounts when there are multiple
+ entries
example: created
accountSortDescending:
type: boolean
description: >-
- The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts.
- If not defined, the transform will default to false (ascending order)
+ The value of this configuration is a boolean (true/false). Controls the
+ order of the sort when there are multiple accounts. If not defined, the
+ transform will default to false (ascending order)
example: false
accountReturnFirstLink:
type: boolean
description: >-
- The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute.
- If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value.
- If not defined, the transform will default to false
+ The value of this configuration is a boolean (true/false). Controls which
+ account to source a value from for an attribute. If this flag is set to
+ true, the transform returns the value from the first account in the list,
+ even if it is null. If it is set to false, the transform returns the first
+ non-null value. If not defined, the transform will default to false
example: false
accountFilter:
type: string
description: >-
- This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database.
- The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
-
+ This expression queries the database to narrow search results. The value
+ of this configuration is a sailpoint.object.Filter expression and used
+ when searching against the database. The default filter will always
+ include the source and identity, and any subsequent expressions will be
+ combined in an AND operation to the existing search criteria.
- Only certain searchable attributes are available:
- - `nativeIdentity` - the Account ID
- - `displayName` - the Account Name
- - `entitlements` - a boolean value to determine if the account has entitlements
- example: "!(nativeIdentity.startsWith(\"*DELETED*\"))"
+
+ Only certain searchable attributes are available: - `nativeIdentity` -
+ the Account ID - `displayName` - the Account Name - `entitlements` - a
+ boolean value to determine if the account has entitlements
+ example: '!(nativeIdentity.startsWith("*DELETED*"))'
accountPropertyFilter:
type: string
description: >-
- This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
-
-
- All account attributes are available for filtering as this operation is performed in memory.
+ This expression is used to search and filter accounts in memory. The value
+ of this configuration is a sailpoint.object.Filter expression and used
+ when searching against the returned resultset.
+
+
+ All account attributes are available for filtering as this operation is
+ performed in memory.
example: "(groups.containsAll({'Admin'}) || location == 'Austin')"
requiresPeriodicRefresh:
- $ref: './RequiresPeriodicRefresh.yaml'
+ $ref: "./RequiresPeriodicRefresh.yaml"
input:
- $ref: './input.yaml'
\ No newline at end of file
+ $ref: "./input.yaml"