LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-07 12:27:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feature/docusaurus-upgrade-2.2.0

Browse Source
This commit is contained in:
philip-ellis-sp
2022-11-17 13:55:26 -05:00
parent 7e67cb76ba 4d8660ac6e
commit fe5747541b
66 changed files with 1714 additions and 1536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
static/api-specs/idn/beta/paths/auth-org-lockout-config.yaml
View File

@@ -4,23 +4,23 @@ get:
- Auth Org Configuration - Auth Org Configuration
summary: Get the org's auth org lockout configuration. summary: Get the org's auth org lockout configuration.
description: >- description: >-
This API returns the details of an org's lockout auth configuration. </br> This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:read' Requires security scope of: 'sp:auth-org:read'
responses: responses:
'200': "200":
description: Lockout configuration for the tenant's auth org. description: Lockout configuration for the tenant's auth org.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/LockoutConfiguration.yaml' $ref: "../schemas/LockoutConfiguration.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:read] # - oauth2: [sp:auth-org:read]
post: post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration - Auth Org Configuration
summary: Create the org's auth org lockout configuration. summary: Create the org's auth org lockout configuration.
description: >- description: >-
This API returns the details of an org's lockout auth configuration. </br> This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:create' Requires security scope of: 'sp:auth-org:create'
requestBody: requestBody:
required: true required: true
description: >- description: >-
Lockout configuration creation request body. </br> Lockout configuration creation request body. The following constraints
</br> ensure the request body conforms to certain logical guidelines, which are:
The following constraints ensure the request body conforms to certain logical guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15 1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60 2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/LockoutConfiguration.yaml' $ref: "../schemas/LockoutConfiguration.yaml"
responses: responses:
'200': "200":
description: Lockout configuration for the tenant. description: Lockout configuration for the tenant.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/LockoutConfiguration.yaml' $ref: "../schemas/LockoutConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:create] # - oauth2: [sp:auth-org:create]
patch: patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration - Auth Org Configuration
summary: Update the org's auth org lockout configuration summary: Update the org's auth org lockout configuration
description: >- description: >-
This API updates an existing lockout configuration for an org using PATCH </br> This API updates an existing lockout configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update' Requires security scope of: 'sp:auth-org:update'
requestBody: requestBody:
required: true required: true
description: >- description: >-
A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/> A list of auth org lockout configuration update operations according to
<br/> the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:
Ensures that the patched Lockout Config conforms to certain logical
guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15 1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60 2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60
@@ -85,7 +86,7 @@ patch:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/maximumAttempts" path: "/maximumAttempts"
@@ -94,21 +95,21 @@ patch:
path: "/lockoutDuration" path: "/lockoutDuration"
value: 35 value: 35
responses: responses:
'200': "200":
description: Updated Auth Org lockout configuration. description: Updated Auth Org lockout configuration.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/LockoutConfiguration.yaml' $ref: "../schemas/LockoutConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:update] # - oauth2: [sp:auth-org:update]

103
static/api-specs/idn/beta/paths/auth-org-network-config.yaml
View File

@@ -4,23 +4,23 @@ get:
- Auth Org Configuration - Auth Org Configuration
summary: Get the org's auth org network configuration. summary: Get the org's auth org network configuration.
description: >- description: >-
This API returns the details of an org's network auth configuration. </br> This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:read' Requires security scope of: 'sp:auth-org:read'
responses: responses:
'200': "200":
description: Network configuration for the tenant's auth org. description: Network configuration for the tenant's auth org.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NetworkConfiguration.yaml' $ref: "../schemas/NetworkConfiguration.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:read] # - oauth2: [sp:auth-org:read]
post: post:
@@ -29,37 +29,38 @@ post:
- Auth Org Configuration - Auth Org Configuration
summary: Create the org's auth org network configuration. summary: Create the org's auth org network configuration.
description: >- description: >-
This API returns the details of an org's network auth configuration. </br> This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:create' Requires security scope of: 'sp:auth-org:create'
requestBody: requestBody:
required: true required: true
description: >- description: >-
Network configuration creation request body. </br> Network configuration creation request body. The following constraints
</br> ensure the request body conforms to certain logical guidelines, which are:
The following constraints ensure the request body conforms to certain logical guidelines, which are: 1. Each string element in the range array must be a valid ip address or
1. Each string element in the range array must be a valid ip address or ip subnet mask. ip subnet mask.
2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. 2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NetworkConfiguration.yaml' $ref: "../schemas/NetworkConfiguration.yaml"
responses: responses:
'200': "200":
description: Network configuration for the tenant. description: Network configuration for the tenant.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NetworkConfiguration.yaml' $ref: "../schemas/NetworkConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:create] # - oauth2: [sp:auth-org:create]
patch: patch:
@@ -68,22 +69,26 @@ patch:
- Auth Org Configuration - Auth Org Configuration
summary: Update the org's auth org network configuration summary: Update the org's auth org network configuration
description: >- description: >-
This API updates an existing network configuration for an org using PATCH </br> This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update' Requires security scope of: 'sp:auth-org:update'
requestBody: requestBody:
required: true required: true
description: >- description: >-
A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/> A list of auth org network configuration update operations according to
<br/> the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Network Config conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or ip subnet mask. Ensures that the patched Network Config conforms to certain logical
2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content: content:
application/json-patch+json: application/json-patch+json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/whitelisted" path: "/whitelisted"
@@ -92,21 +97,21 @@ patch:
path: "/geolocation" path: "/geolocation"
value: ["AF", "HN", "ES"] value: ["AF", "HN", "ES"]
responses: responses:
'200': "200":
description: Updated Auth Org network configuration. description: Updated Auth Org network configuration.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NetworkConfiguration.yaml' $ref: "../schemas/NetworkConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:update] # - oauth2: [sp:auth-org:update]

110
static/api-specs/idn/beta/paths/auth-org-service-provider-config.yaml
View File

@@ -4,27 +4,27 @@ get:
- Auth Org Configuration - Auth Org Configuration
summary: Get Service Provider Configuration. summary: Get Service Provider Configuration.
description: >- description: >-
This API returns the details of an org's service provider auth configuration. </br> This API returns the details of an org's service provider auth
Requires security scope of: 'sp:auth-org:read' configuration. Requires security scope of: 'sp:auth-org:read'
responses: responses:
'200': "200":
description: Service provider configuration for the tenant. description: Service provider configuration for the tenant.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/ServiceProviderConfiguration.yaml' $ref: "../schemas/ServiceProviderConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:read] # - oauth2: [sp:auth-org:read]
patch: patch:
@@ -33,63 +33,73 @@ patch:
- Auth Org Configuration - Auth Org Configuration
summary: Update Service Provider Configuration summary: Update Service Provider Configuration
description: >- description: >-
This API updates an existing service provider configuration for an org using PATCH. </br> This API updates an existing service provider configuration for an org using
Requires security scope of: 'sp:auth-org:update' PATCH. Requires security scope of: 'sp:auth-org:update'
requestBody: requestBody:
required: true required: true
description: >- description: >-
A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/> A list of auth org service provider configuration update operations
<br/> according to the [JSON Patch](https://tools.ietf.org/html/rfc6902)
Note:<br/> standard.
/federationProtocolDetails/0 is IdpDetails<br/>
/federationProtocolDetails/1 is SpDetails<br/> Note: /federationProtocolDetails/0 is IdpDetails
<br/> /federationProtocolDetails/1 is SpDetails
Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:
1. Do not add or remove any elements in the federation protocol details in the service provider configuration. Ensures that the patched ServiceProviderConfig conforms to certain logical
2. Do not modify, add, or delete the service provider details element in the federation protocol details. guidelines, which are:
3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails. 1. Do not add or remove any elements in the federation protocol details
4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID. in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in
the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables
Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the
IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid. 5. Any JIT configuration update must be valid.
Just in time configuration update must be valid when enabled. This includes: Just in time configuration update must be valid when enabled. This
includes:
- A Source ID - A Source ID
- Source attribute mappings - Source attribute mappings
- Source attribute maps have all the required key values (firstName, lastName, email) - Source attribute maps have all the required key values (firstName,
lastName, email)
content: content:
application/json-patch+json: application/json-patch+json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/enabled" path: "/enabled"
value: true, value: true,
- op: "add" - op: "add"
path: "/federationProtocolDetails/0/jitConfiguration" path: "/federationProtocolDetails/0/jitConfiguration"
value: { value:
{
"enabled": true, "enabled": true,
"sourceId": "2c9180857377ed2901739c12a2da5ac8", "sourceId": "2c9180857377ed2901739c12a2da5ac8",
"sourceAttributeMappings": { "sourceAttributeMappings":
{
"firstName": "okta.firstName", "firstName": "okta.firstName",
"lastName": "okta.lastName", "lastName": "okta.lastName",
"email": "okta.email", "email": "okta.email",
"employeeNumber": "okta.employeeNumber" "employeeNumber": "okta.employeeNumber",
} },
} }
responses: responses:
'200': "200":
description: Auth Org Service Provider configuration updated. description: Auth Org Service Provider configuration updated.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/ServiceProviderConfiguration.yaml' $ref: "../schemas/ServiceProviderConfiguration.yaml"
'400': "400":
description: Client Error - Returned if the request body is invalid. description: Client Error - Returned if the request body is invalid.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml' $ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples: examples:
400.1 Bad Request Content: 400.1 Bad Request Content:
description: Response for bad request content description: Response for bad request content
@@ -109,15 +119,15 @@ patch:
- locale: en - locale: en
localeOrigin: REQUEST localeOrigin: REQUEST
text: JIT source id is invalid. text: JIT source id is invalid.
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:update] # - oauth2: [sp:auth-org:update]

91
static/api-specs/idn/beta/paths/auth-org-session-config.yaml
View File

@@ -4,23 +4,23 @@ get:
- Auth Org Configuration - Auth Org Configuration
summary: Get the org's auth org session configuration. summary: Get the org's auth org session configuration.
description: >- description: >-
This API returns the details of an org's session auth configuration. </br> This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:read' Requires security scope of: 'sp:auth-org:read'
responses: responses:
'200': "200":
description: Session configuration for the tenant's auth org. description: Session configuration for the tenant's auth org.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SessionConfiguration.yaml' $ref: "../schemas/SessionConfiguration.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:read] # - oauth2: [sp:auth-org:read]
post: post:
@@ -29,38 +29,37 @@ post:
- Auth Org Configuration - Auth Org Configuration
summary: Create the org's auth org session configuration. summary: Create the org's auth org session configuration.
description: >- description: >-
This API returns the details of an org's session auth configuration. </br> This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:create' Requires security scope of: 'sp:auth-org:create'
requestBody: requestBody:
required: true required: true
description: >- description: >-
Session configuration creation request body. </br> Session configuration creation request body. The following constraints
</br> ensure the request body conforms to certain logical guidelines, which are:
The following constraints ensure the request body conforms to certain logical guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime. 3. maxSessionTime must have a greater duration than maxIdleTime.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SessionConfiguration.yaml' $ref: "../schemas/SessionConfiguration.yaml"
responses: responses:
'200': "200":
description: Session configuration for the tenant. description: Session configuration for the tenant.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SessionConfiguration.yaml' $ref: "../schemas/SessionConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:create] # - oauth2: [sp:auth-org:create]
patch: patch:
@@ -69,14 +68,16 @@ patch:
- Auth Org Configuration - Auth Org Configuration
summary: Update the org's auth org session configuration summary: Update the org's auth org session configuration
description: >- description: >-
This API updates an existing session configuration for an org using PATCH </br> This API updates an existing session configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update' Requires security scope of: 'sp:auth-org:update'
requestBody: requestBody:
required: true required: true
description: >- description: >-
A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/> A list of auth org session configuration update operations according to
<br/> the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Session Config conforms to certain logical guidelines, which are:
Ensures that the patched Session Config conforms to certain logical
guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime. 3. maxSessionTime must have a greater duration than maxIdleTime.
@@ -85,7 +86,7 @@ patch:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/rememberMe" path: "/rememberMe"
@@ -94,21 +95,21 @@ patch:
path: "/maxSessionTime" path: "/maxSessionTime"
value: 480 value: 480
responses: responses:
'200': "200":
description: Updated Auth Org session configuration. description: Updated Auth Org session configuration.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SessionConfiguration.yaml' $ref: "../schemas/SessionConfiguration.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
# security: # security:
# - oauth2: [sp:auth-org:update] # - oauth2: [sp:auth-org:update]

46
static/api-specs/idn/beta/paths/authmfa/confirm-registration.yaml
View File

@@ -4,34 +4,40 @@ post:
- Auth MFA - Auth MFA
summary: Confirm a user's registration for MFA summary: Confirm a user's registration for MFA
description: >- description: >-
For a user who is not currently registered for MFA and who has just scanned the QR code containing the TOTP URL provided by the /generate-secret </br> For a user who is not currently registered for MFA and who has just scanned
endpoint, confirms registration for MFA by validating a new TOTP code generated by the authenticator used to scan the QR code containing the TOTP URL.</br> the QR code containing the TOTP URL provided by the /generate-secret
</br> endpoint, confirms registration for MFA by validating a new TOTP code
Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special </br> generated by the authenticator used to scan the QR code containing the TOTP
MFA token for calling this endpoint. </br> URL.
</br>
While no specific right is required for a user to confirm registration, it is expected that the caller first make a request to the /generate-secret </br> Request requires a unique header as proof of partial authentication. This
endpoint so that a TOTP secret exists as a basis for registration confirmation. It is also assumed that the caller has previously verified that the user is </br> header is called 'slpt-auth-mfa', and it must contain a special MFA token
associated with an auth profile that has MFA enabled. for calling this endpoint.
While no specific right is required for a user to confirm registration, it
is expected that the caller first make a request to the /generate-secret
endpoint so that a TOTP secret exists as a basis for registration
confirmation. It is also assumed that the caller has previously verified
that the user is associated with an auth profile that has MFA enabled.
requestBody: requestBody:
description: Request body containing TOTP code to validate. description: Request body containing TOTP code to validate.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/TotpCodeRequest.yaml' $ref: "../../schemas/TotpCodeRequest.yaml"
responses: responses:
'200': "200":
description: Response indicating that the user's MFA has been verified. description: Response indicating that the user's MFA has been verified.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/MfaVerificationResponse.yaml' $ref: "../../schemas/MfaVerificationResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

54
static/api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml
View File

@@ -4,41 +4,41 @@ post:
- Auth MFA - Auth MFA
summary: Generate a special token for calling sp-mfa /totp/** APIs summary: Generate a special token for calling sp-mfa /totp/** APIs
description: >- description: >-
Generates an MFA token and establishes an unverified MFA-on-login context state. </br> Generates an MFA token and establishes an unverified MFA-on-login context state.
Callable by either an internal service or an authenticated user. </br> Callable by either an internal service or an authenticated user.
</br>
When called by an internal service, the calling service must present the target user's external id as the <code>requestedFor</code> value. </br> When called by an internal service, the calling service must present the target user's external id as the requestedFor value.
</br>
When called by an authenticated user, the proxying service must present "me" as the the <code>requestedFor</code> value. </br> When called by an authenticated user, the proxying service must present "me" as the the requestedFor value.
</br>
The following rights are required to access this endpoint: <code>sp:mfa-token-all:create</code>, <code>sp:mfa-token-self:create</code> </br> The following rights are required to access this endpoint: sp:mfa-token-all:create, sp:mfa-token-self:create
</br>
If an external id is presented as the request body's <code>requestedFor</code> value, the caller must possess the <code>sp:mfa-token-all:create</code> right. </br> If an external id is presented as the request body's requestedFor value, the caller must possess the sp:mfa-token-all:create right.
</br>
This implies that an internal service is obtaining an MFA token on behalf of a user. This implies that an internal service is obtaining an MFA token on behalf of a user.
requestBody: requestBody:
description: Request body containing <code>requestedFor</code> value. description: Request body containing requestedFor value.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/GetMfaTokenRequest.yaml' $ref: "../../schemas/GetMfaTokenRequest.yaml"
responses: responses:
'200': "200":
description: Response containing an MFA Token. description: Response containing an MFA Token.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/GetMfaTokenResponse.yaml' $ref: "../../schemas/GetMfaTokenResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

45
static/api-specs/idn/beta/paths/authmfa/generate-secret.yaml
View File

@@ -2,27 +2,34 @@ post:
operationId: authMfaGenerateSecret operationId: authMfaGenerateSecret
tags: tags:
- Auth MFA - Auth MFA
summary: Generate a TOTP secret embedded within a TOTP link for use with an authenticator summary:
Generate a TOTP secret embedded within a TOTP link for use with an
authenticator
description: >- description: >-
For a user who is not currently registered for MFA, generates a secret to share with the user's chosen authenticator app. </br> For a user who is not currently registered for MFA, generates a secret to
</br> share with the user's chosen authenticator app.
Request requires a unique header as proof of partial authentication called 'slpt-auth-mfa', and it must contain a special </br>
MFA token for calling this endpoint. </br> Request requires a unique header as proof of partial authentication called
</br> 'slpt-auth-mfa', and it must contain a special MFA token for calling this
While no specific right is required for a user to generate a secret, it is expected that the caller first verify that </br> endpoint.
the user is associated with an auth profile that has MFA enabled. </br>
While no specific right is required for a user to generate a secret, it is
expected that the caller first verify that the user is associated with an
auth profile that has MFA enabled.
responses: responses:
'200': "200":
description: Response containing user's username, a newly-generated secret, and a TOTP link for a QR code generator to use. description:
Response containing user's username, a newly-generated secret, and a
TOTP link for a QR code generator to use.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/GetSecretResponse.yaml' $ref: "../../schemas/GetSecretResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

44
static/api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml
View File

@@ -4,15 +4,15 @@ post:
- Auth MFA - Auth MFA
summary: Disable a user's registration for MFA summary: Disable a user's registration for MFA
description: >- description: >-
Disables a user's registration for MFA. The specified user is tied to the `requestedFor` body param and can either be an external id, </br> Disables a user's registration for MFA. The specified user is tied to the `requestedFor` body param and can either be an external id,
when resetting the registration on someone else's behalf, or "me", when resetting the registration for one's self. </br> when resetting the registration on someone else's behalf, or "me", when resetting the registration for one's self.
</br>
Either of The following rights is necessary to access this endpoint: </br> Either of The following rights is necessary to access this endpoint:
<ul>
<li><code>sp:mfa-login-registration-reset-all:execute</code></li> - sp:mfa-login-registration-reset-all:execute
<li><code>sp:mfa-login-registration-reset-self:execute</code></li> - sp:mfa-login-registration-reset-self:execute
</ul>
</br>
The first right allows someone else or a system to reset a user's registration for MFA. The second right allows the user to reset his or her own registration for MFA. The first right allows someone else or a system to reset a user's registration for MFA. The second right allows the user to reset his or her own registration for MFA.
requestBody: requestBody:
description: MFA registration reset request body. description: MFA registration reset request body.
@@ -20,21 +20,21 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/MfaResetRequest.yaml' $ref: "../../schemas/MfaResetRequest.yaml"
responses: responses:
'200': "200":
description: Response indicating that the user is registered for MFA. description: Response indicating that the user is registered for MFA.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/MfaRegistrationResponse.yaml' $ref: "../../schemas/MfaRegistrationResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

28
static/api-specs/idn/beta/paths/authmfa/registration-status.yaml
View File

@@ -4,10 +4,10 @@ get:
- Auth MFA - Auth MFA
summary: Determine whether the user is registered for MFA summary: Determine whether the user is registered for MFA
description: >- description: >-
Gives the caller an indication of whether or not the user associated with the <code>externalId</code> path param is registered for MFA. </br> Gives the caller an indication of whether or not the user associated with the `externalId` path param is registered for MFA.
</br>
The following right is necessary to access this endpoint: <code>sp:mfa-login-registration:read</code>. </br> The following right is necessary to access this endpoint: `sp:mfa-login-registration:read`.
</br>
It is also assumed that the caller has previously verified that the user is associated with an auth profile that has MFA enabled. It is also assumed that the caller has previously verified that the user is associated with an auth profile that has MFA enabled.
parameters: parameters:
- in: path - in: path
@@ -18,17 +18,17 @@ get:
description: The user's external ID description: The user's external ID
example: 2c9180867b50d088017b554662fb281e example: 2c9180867b50d088017b554662fb281e
responses: responses:
'200': "200":
description: Response indicating that the user is registered for MFA. description: Response indicating that the user is registered for MFA.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/MfaRegistrationResponse.yaml' $ref: "../../schemas/MfaRegistrationResponse.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

40
static/api-specs/idn/beta/paths/authmfa/verify-code.yaml
View File

@@ -4,32 +4,36 @@ post:
- Auth MFA - Auth MFA
summary: Validate a TOTP code generated by a user's authenticator summary: Validate a TOTP code generated by a user's authenticator
description: >- description: >-
For a user who is registered for MFA, validates a TOTP code generated by the user's authenticator. </br> For a user who is registered for MFA, validates a TOTP code generated by the
</br> user's authenticator.
Request requires a unique header as proof of partial authentication. This header is called 'slpt-auth-mfa', and it must contain a special </br>
MFA token for calling this endpoint. </br> Request requires a unique header as proof of partial authentication. This
</br> header is called 'slpt-auth-mfa', and it must contain a special MFA token
While no specific right is required for a user to have a TOTP code verified, it is assumed that the caller has previously verified that the user is </br> for calling this endpoint.
associated with an auth profile that has MFA enabled and that the user has already registered an authenticator for multi-factor authentication.
While no specific right is required for a user to have a TOTP code verified,
it is assumed that the caller has previously verified that the user is
associated with an auth profile that has MFA enabled and that the user has
already registered an authenticator for multi-factor authentication.
requestBody: requestBody:
description: Request body containing TOTP code to validate. description: Request body containing TOTP code to validate.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/TotpCodeRequest.yaml' $ref: "../../schemas/TotpCodeRequest.yaml"
responses: responses:
'200': "200":
description: Response indicating that the user's MFA has been verified. description: Response indicating that the user's MFA has been verified.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/MfaVerificationResponse.yaml' $ref: "../../schemas/MfaVerificationResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

34
static/api-specs/idn/beta/paths/ears-entitlement-bulk-update.yaml
View File

@@ -10,10 +10,10 @@ post:
The number of entitlements to update is limited to 50 items maximum. The number of entitlements to update is limited to 50 items maximum.
The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.<br/> The JsonPatch update follows the [JSON
allowed operations :<br/> Patch](https://tools.ietf.org/html/rfc6902) standard. allowed operations :
**{ "op": "replace", "path": "/privileged", "value": boolean }** <br/> **{ "op": "replace", "path": "/privileged", "value": boolean }** **{ "op":
**{ "op": "replace", "path": "/requestable","value": boolean }** <br/> "replace", "path": "/requestable","value": boolean }**
A token with ORG_ADMIN or API authority is required to call this API. A token with ORG_ADMIN or API authority is required to call this API.
@@ -22,17 +22,17 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/EntitlementBulkUpdateRequest.yaml' $ref: "../schemas/EntitlementBulkUpdateRequest.yaml"
responses: responses:
'204': "204":
$ref: '../../v3/responses/204.yaml' $ref: "../../v3/responses/204.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

36
static/api-specs/idn/beta/paths/mfa-config-test.yaml
View File

@@ -4,8 +4,9 @@ get:
- MFA Configuration - MFA Configuration
summary: Test configuration of a MFA method summary: Test configuration of a MFA method
description: >- description: >-
This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter. This API validates that the configuration is valid and will properly
</br> authenticate with the MFA provider identified by the method path parameter.
A token with ORG_ADMIN authority is required to call this API. A token with ORG_ADMIN authority is required to call this API.
security: security:
- oauth2: [idn:mfa-config:read] - oauth2: [idn:mfa-config:read]
@@ -18,27 +19,22 @@ get:
required: true required: true
description: >- description: >-
The name of the MFA method. The name of the MFA method.
</br>
The currently supported method name is okta-verify. The currently supported method name is okta-verify.
responses: responses:
'200': "200":
description: The result of configuration test for the MFA provider. description: The result of configuration test for the MFA provider.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/MfaConfigTestResponse.yaml' $ref: "../schemas/MfaConfigTestResponse.yaml"
example: example: { "state": "SUCCESS", "error": null }
{ "400":
"state": "SUCCESS", $ref: "../../v3/responses/400.yaml"
"error": null "401":
} $ref: "../../v3/responses/401.yaml"
'400': "403":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/403.yaml"
'401': "429":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/429.yaml"
'403': "500":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/500.yaml"
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

60
static/api-specs/idn/beta/paths/mfa-config.yaml
View File

@@ -5,7 +5,6 @@ get:
summary: Get configuration of a MFA method summary: Get configuration of a MFA method
description: >- description: >-
This API returns the configuration of a given MFA method. This API returns the configuration of a given MFA method.
</br>
A token with ORG_ADMIN authority is required to call this API. A token with ORG_ADMIN authority is required to call this API.
security: security:
- oauth2: [idn:mfa-config:read] - oauth2: [idn:mfa-config:read]
@@ -18,32 +17,31 @@ get:
required: true required: true
description: >- description: >-
The name of the MFA method. The name of the MFA method.
</br>
The currently supported method name is okta-verify. The currently supported method name is okta-verify.
responses: responses:
'200': "200":
description: MFA configuration of a given method. description: MFA configuration of a given method.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/MfaConfig.yaml' $ref: "../schemas/MfaConfig.yaml"
example: example:
{ {
"enabled": true, "enabled": true,
"host": "www.example.com", "host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email" "identityAttribute": "email",
} }
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
put: put:
operationId: setMFAConfig operationId: setMFAConfig
@@ -52,7 +50,6 @@ put:
summary: Set configuration of a MFA method summary: Set configuration of a MFA method
description: >- description: >-
This API sets the configuration of a given MFA method. This API sets the configuration of a given MFA method.
</br>
A token with ORG_ADMIN authority is required to call this API. A token with ORG_ADMIN authority is required to call this API.
security: security:
- oauth2: [idn:mfa-config:write] - oauth2: [idn:mfa-config:write]
@@ -65,42 +62,41 @@ put:
required: true required: true
description: >- description: >-
The name of the MFA method. The name of the MFA method.
</br>
The currently supported method name is okta-verify. The currently supported method name is okta-verify.
requestBody: requestBody:
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/MfaConfig.yaml' $ref: "../schemas/MfaConfig.yaml"
example: example:
{ {
"enabled": true, "enabled": true,
"host": "www.example.com", "host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email" "identityAttribute": "email",
} }
responses: responses:
'200': "200":
description: MFA configuration of a given method. description: MFA configuration of a given method.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/MfaConfig.yaml' $ref: "../schemas/MfaConfig.yaml"
example: example:
{ {
"enabled": true, "enabled": true,
"host": "www.example.com", "host": "www.example.com",
"accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y", "accessKey": "dk778Y3QlA5UqocYpdU3rEkzrK2D497y",
"identityAttribute": "email" "identityAttribute": "email",
} }
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

46
static/api-specs/idn/beta/paths/non-employee-approval-list.yaml
View File

@@ -14,21 +14,23 @@ get:
schema: schema:
type: string type: string
description: >- description: >-
The identity for whom the request was made. *me* indicates the current user. The identity for whom the request was made. *me* indicates the current
user.
required: false required: false
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
example: "filters=approvalStatus eq 'PENDING'" example: "filters=approvalStatus eq 'PENDING'"
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**approvalStatus**: *eq* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* approvalStatus eq "PENDING" Filtering is supported for the following fields and operators:
**approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
- in: query - in: query
example: "sorters=-created" example: "sorters=-created"
name: sorters name: sorters
@@ -36,25 +38,27 @@ get:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created, modified** Sorting is supported for the following fields: **created, modified**
responses: responses:
'200': "200":
description: List of approval items. description: List of approval items.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/NonEmployeeApprovalItem.yaml' $ref: "../schemas/NonEmployeeApprovalItem.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

38
static/api-specs/idn/beta/paths/non-employee-approval-summary.yaml
View File

@@ -6,10 +6,13 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests summary: Get Summary of Non-Employee Approval Requests
description: >- description: >-
This request will retrieve a summary of non-employee approval requests.<br><br> This request will retrieve a summary of non-employee approval requests.
There are two contextual uses for the `requested-for` path parameter:<br> There are two contextual uses for the `requested-for` path parameter: 1. The
1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.<br> current user is the Org Admin, in which case he or she may request a summary
2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her. of all non-employee approval requests assigned to a particular approver by
passing in that approver's id. 2. The current user is an approver, in which
case "me" should be provided as the `requested-for` value. This will provide
the approver with a summary of the approval items assigned to him or her.
parameters: parameters:
- in: path - in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179" example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
@@ -17,22 +20,23 @@ get:
schema: schema:
type: string type: string
description: >- description: >-
The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. The identity (UUID) of the approver for whom for whom the summary is
being retrieved. Use "me" instead to indicate the current user.
required: true required: true
responses: responses:
'200': "200":
description: summary of non-employee approval requests description: summary of non-employee approval requests
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeApprovalSummary.yaml' $ref: "../schemas/NonEmployeeApprovalSummary.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

74
static/api-specs/idn/beta/paths/non-employee-records.yaml
View File

@@ -18,24 +18,24 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeRequestBody.yaml' $ref: "../schemas/NonEmployeeRequestBody.yaml"
responses: responses:
'200': "200":
description: Created non-employee record. description: Created non-employee record.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeRecord.yaml' $ref: "../schemas/NonEmployeeRecord.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
get: get:
operationId: nonEmployeeRecordList operationId: nonEmployeeRecordList
security: security:
@@ -46,9 +46,9 @@ get:
description: >- description: >-
This gets a list of non-employee records. This gets a list of non-employee records.
parameters: parameters:
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
required: false required: false
name: sorters name: sorters
@@ -57,8 +57,12 @@ get:
format: comma-separated format: comma-separated
example: accountName,sourceId example: accountName,sourceId
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified** Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id, accountName,
sourceId, manager, firstName, lastName, email, phone, startDate,
endDate, created, modified**
- in: query - in: query
name: filters name: filters
required: false required: false
@@ -66,26 +70,28 @@ get:
type: string type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313" example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**sourceId**: *eq* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313" Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses: responses:
'200': "200":
description: Non-Employee record objects description: Non-Employee record objects
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/NonEmployeeRecord.yaml' $ref: "../schemas/NonEmployeeRecord.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

40
static/api-specs/idn/beta/paths/non-employee-request-summary-get.yaml
View File

@@ -6,34 +6,40 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests summary: Get Summary of Non-Employee Requests
description: >- description: >-
This request will retrieve a summary of non-employee requests.<br><br> This request will retrieve a summary of non-employee requests. There are two
There are two contextual uses for the `requested-for` path parameter:<br> contextual uses for the `requested-for` path parameter: 1. The current user
1. The current user is the Org Admin, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.<br> is the Org Admin, in which case he or she may request a summary of all
2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages. non-employee approval requests assigned to a particular account manager by
passing in that manager's id. 2. The current user is an account manager, in
which case "me" should be provided as the `requested-for` value. This will
provide the user with a summary of the non-employee requests in the
source(s) he or she manages.
parameters: parameters:
- in: path - in: path
example: "ac10d20a-841e-1e7d-8184-32d2e22c0179" example: "ac10d20a-841e-1e7d-8184-32d2e22c0179"
name: requested-for name: requested-for
description: >- description: >-
The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. The identity (UUID) of the non-employee account manager for whom the
summary is being retrieved. Use "me" instead to indicate the current
user.
required: true required: true
schema: schema:
type: string type: string
format: uuid (if user is Org Admin) format: uuid (if user is Org Admin)
responses: responses:
'200': "200":
description: Non-Employee request summary object. description: Non-Employee request summary object.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeRequestSummary.yaml' $ref: "../schemas/NonEmployeeRequestSummary.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

81
static/api-specs/idn/beta/paths/non-employee-requests.yaml
View File

@@ -13,20 +13,20 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeRequestBody.yaml' $ref: "../schemas/NonEmployeeRequestBody.yaml"
responses: responses:
'200': "200":
description: Non-Employee request creation object description: Non-Employee request creation object
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeRequest.yaml' $ref: "../schemas/NonEmployeeRequest.yaml"
'400': "400":
description: Client Error - Returned if the request body is invalid. description: Client Error - Returned if the request body is invalid.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml' $ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples: examples:
400.1 Bad Request Content: 400.1 Bad Request Content:
description: Response for bad request content description: Response for bad request content
@@ -45,15 +45,17 @@ post:
messages: messages:
- locale: en - locale: en
localeOrigin: REQUEST localeOrigin: REQUEST
text: Unable to create Non-Employee because the accountName "existed" is already being used. text:
'401': Unable to create Non-Employee because the accountName
$ref: '../../v3/responses/401.yaml' "existed" is already being used.
'403': "401":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/401.yaml"
'429': "403":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/403.yaml"
'500': "429":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
get: get:
operationId: nonEmployeeRequestList operationId: nonEmployeeRequestList
security: security:
@@ -64,9 +66,9 @@ get:
description: >- description: >-
This gets a list of non-employee requests. This gets a list of non-employee requests.
parameters: parameters:
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
name: requested-for name: requested-for
required: true required: true
@@ -74,7 +76,8 @@ get:
type: string type: string
example: me example: me
description: >- description: >-
The identity for whom the request was made. *me* indicates the current user. The identity for whom the request was made. *me* indicates the current
user.
- in: query - in: query
name: sorters name: sorters
required: false required: false
@@ -83,8 +86,12 @@ get:
format: comma-separated format: comma-separated
example: approvalStatus,firstName example: approvalStatus,firstName
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate** Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **created,
approvalStatus, firstName, lastName, email, phone, accountName,
startDate, endDate**
- in: query - in: query
name: filters name: filters
required: false required: false
@@ -92,26 +99,28 @@ get:
type: string type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313" example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**sourceId**: *eq* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313" Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses: responses:
'200': "200":
description: List of non-employee request objects. description: List of non-employee request objects.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/NonEmployeeRequest.yaml' $ref: "../schemas/NonEmployeeRequest.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

88
static/api-specs/idn/beta/paths/non-employee-source.yaml
View File

@@ -17,22 +17,22 @@ get:
schema: schema:
type: string type: string
responses: responses:
'200': "200":
description: Non-Employee source object. description: Non-Employee source object.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeSource.yaml' $ref: "../schemas/NonEmployeeSource.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
patch: patch:
operationId: nonEmployeeSourcePatch operationId: nonEmployeeSourcePatch
security: security:
@@ -41,8 +41,8 @@ patch:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Patch a Non-Employee Source summary: Patch a Non-Employee Source
description: >- description: >-
patch a non-employee source. (Partial Update) <br/> patch a non-employee source. (Partial Update) Patchable field: **name,
Patchable field: **name, description, approvers, accountManagers** description, approvers, accountManagers**
Request will require the following security scope: Request will require the following security scope:
@@ -56,38 +56,44 @@ patch:
schema: schema:
type: string type: string
requestBody: requestBody:
description: A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. description:
A list of non-employee source update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true required: true
content: content:
application/json-patch+json: application/json-patch+json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/name" path: "/name"
value: { "new name" } value: { "new name" }
- op: "replace" - op: "replace"
path: "/approvers" path: "/approvers"
value: [ "2c91809f703bb37a017040a2fe8748c7", "48b1f463c9e8427db5a5071bd81914b8" ] value:
[
"2c91809f703bb37a017040a2fe8748c7",
"48b1f463c9e8427db5a5071bd81914b8",
]
responses: responses:
'200': "200":
description: A patched non-employee source object. description: A patched non-employee source object.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeSource.yaml' $ref: "../schemas/NonEmployeeSource.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
delete: delete:
operationId: nonEmployeeSourceDelete operationId: nonEmployeeSourceDelete
security: security:
@@ -110,15 +116,15 @@ delete:
schema: schema:
type: string type: string
responses: responses:
'204': "204":
$ref: '../../v3/responses/204.yaml' $ref: "../../v3/responses/204.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

66
static/api-specs/idn/beta/paths/non-employee-sources.yaml
View File

@@ -17,24 +17,24 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeSourceRequestBody.yaml' $ref: "../schemas/NonEmployeeSourceRequestBody.yaml"
responses: responses:
'200': "200":
description: Created non-employee source. description: Created non-employee source.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/NonEmployeeSourceWithCloudExternalId.yaml' $ref: "../schemas/NonEmployeeSourceWithCloudExternalId.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
get: get:
operationId: nonEmployeeSourcesList operationId: nonEmployeeSourcesList
security: security:
@@ -45,9 +45,9 @@ get:
description: >- description: >-
This gets a list of non-employee sources. This gets a list of non-employee sources.
parameters: parameters:
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
required: true required: true
name: requested-for name: requested-for
@@ -55,7 +55,8 @@ get:
schema: schema:
type: string type: string
description: >- description: >-
The identity for whom the request was made. *me* indicates the current user. The identity for whom the request was made. *me* indicates the current
user.
- in: query - in: query
required: true required: true
name: non-employee-count name: non-employee-count
@@ -63,7 +64,8 @@ get:
schema: schema:
type: boolean type: boolean
description: >- description: >-
The flag to determine whether return a non-employee count associate with source. The flag to determine whether return a non-employee count associate with
source.
- in: query - in: query
name: sorters name: sorters
required: false required: false
@@ -72,24 +74,26 @@ get:
format: comma-separated format: comma-separated
example: name,created example: name,created
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created** Sorting is supported for the following fields: **name, created**
responses: responses:
'200': "200":
description: List of non-employee sources objects. description: List of non-employee sources objects.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/NonEmployeeSourceWithNECount.yaml' $ref: "../schemas/NonEmployeeSourceWithNECount.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

40
static/api-specs/idn/beta/paths/personal-access-token.yaml
View File

@@ -4,14 +4,14 @@ delete:
- Personal Access Tokens - Personal Access Tokens
summary: Delete Personal Access Token summary: Delete Personal Access Token
description: >- description: >-
This deletes a personal access token </br> This deletes a personal access token
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:delete</li> - idn:my-personal-access-tokens:delete
<li>idn:all-personal-access-tokens:delete</li> - idn:all-personal-access-tokens:delete
<li>idn:managed-personal-access-tokens:delete</li> - idn:managed-personal-access-tokens:delete
</ul>
parameters: parameters:
- in: path - in: path
name: id name: id
@@ -21,17 +21,17 @@ delete:
description: The personal access token id description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
responses: responses:
'204': "204":
description: No content. description: No content.
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'404': "404":
$ref: '../../v3/responses/404.yaml' $ref: "../../v3/responses/404.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

100
static/api-specs/idn/beta/paths/personal-access-tokens.yaml
View File

@@ -4,27 +4,27 @@ get:
- Personal Access Tokens - Personal Access Tokens
summary: List Personal Access Tokens summary: List Personal Access Tokens
description: >- description: >-
This gets a collection of personal access tokens associated with the optional <code>owner-id</code>. </br> This gets a collection of personal access tokens associated with the optional `owner-id`.
query parameter. If the <code>owner-id</code> query parameter is omitted, all personal access tokens </br> query parameter. If the `owner-id` query parameter is omitted, all personal access tokens
for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. </br> for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:read</li> - idn:my-personal-access-tokens:read
<li>idn:all-personal-access-tokens:read</li> - idn:all-personal-access-tokens:read
<li>idn:managed-personal-access-tokens:read</li> - idn:managed-personal-access-tokens:read
</ul>
parameters: parameters:
- in: query - in: query
name: owner-id name: owner-id
description: >- description: >-
The identity ID of the owner whose personal access tokens should be listed. </br> The identity ID of the owner whose personal access tokens should be listed.
If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'</br> If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
</br>
If an actual owner ID or if the <code>owner-id</code> parameter is omitted in the request, </br> If an actual owner ID or if the `owner-id` parameter is omitted in the request,
the caller should have the following right: 'idn:all-personal-access-tokens:read'. </br> the caller should have the following right: 'idn:all-personal-access-tokens:read'.
</br>
If the caller has the following right, then managed personal access tokens associated with <code>owner-id</code> </br> If the caller has the following right, then managed personal access tokens associated with `owner-id`
will be retrieved: 'idn:managed-personal-access-tokens:read' will be retrieved: 'idn:managed-personal-access-tokens:read'
required: false required: false
schema: schema:
@@ -32,59 +32,61 @@ get:
default: null default: null
example: 2c9180867b50d088017b554662fb281e example: 2c9180867b50d088017b554662fb281e
responses: responses:
'200': "200":
description: List of personal access tokens. description: List of personal access tokens.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/GetPersonalAccessTokenResponse.yaml' $ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
post: post:
operationId: createPersonalAccessToken operationId: createPersonalAccessToken
tags: tags:
- Personal Access Tokens - Personal Access Tokens
summary: Create Personal Access Token summary: Create Personal Access Token
description: >- description: >-
This creates a personal access token. </br> This creates a personal access token.
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:create</li> - idn:my-personal-access-tokens:create
<li>idn:all-personal-access-tokens:create</li> - idn:all-personal-access-tokens:create
<li>idn:managed-personal-access-tokens:create</li> - idn:managed-personal-access-tokens:create
</ul>
requestBody: requestBody:
description: Name and scope of personal access token. description: Name and scope of personal access token.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/CreatePersonalAccessTokenRequest.yaml' $ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses: responses:
'200': "200":
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. description:
Created. Note - this is the only time Personal Access Tokens' secret
attribute will be displayed.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/CreatePersonalAccessTokenResponse.yaml' $ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

70
static/api-specs/idn/beta/paths/sod-exceptions.yaml
View File

@@ -15,23 +15,23 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/sod/models/Exception.yaml' $ref: "../schemas/sod/models/Exception.yaml"
examples: examples:
Exception created: Exception created:
$ref: '../schemas/sod/examples/exception-body.yaml' $ref: "../schemas/sod/examples/exception-body.yaml"
responses: responses:
'201': "201":
$ref: '../schemas/sod/responses/201.yaml' $ref: "../schemas/sod/responses/201.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
get: get:
operationId: listSodExceptions operationId: listSodExceptions
tags: tags:
@@ -45,23 +45,23 @@ get:
A token with API authority is required to call this API. A token with API authority is required to call this API.
parameters: parameters:
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators: Filtering is supported for the following fields and operators:
**id**: *eq, in* <br/> **id**: *eq, in* **sodPolicy.id**: *eq, in* **identity.id**: *eq, in*
**sodPolicy.id**: *eq, in* <br/>
**identity.id**: *eq, in*
example: identity.id eq "bc693f07e7b645539626c25954c58554" example: identity.id eq "bc693f07e7b645539626c25954c58554"
required: false required: false
- in: query - in: query
@@ -70,7 +70,9 @@ get:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: Sorting is supported for the following fields:
@@ -80,15 +82,15 @@ get:
example: identity.id,-start example: identity.id,-start
required: false required: false
responses: responses:
'200': "200":
$ref: '../schemas/sod/responses/200-list.yaml' $ref: "../schemas/sod/responses/200-list.yaml"
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

289
static/api-specs/idn/beta/paths/sod-policies.yaml
View File

@@ -6,7 +6,9 @@ post:
# security: # security:
# - oauth2: [ORG_ADMIN] # - oauth2: [ORG_ADMIN]
description: >- description: >-
This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy This creates both General and Conflicting Access Based policy, with a limit
of 50 entitlements for each (left & right) criteria for Conflicting Access
Based SOD policy
Requires role of ORG_ADMIN Requires role of ORG_ADMIN
requestBody: requestBody:
@@ -14,74 +16,85 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SodPolicy.yaml' $ref: "../schemas/SodPolicy.yaml"
examples: examples:
Conflicting Access Based Policy: Conflicting Access Based Policy:
value: value:
{ {
"name": "Conflicting-Policy-Name", "name": "Conflicting-Policy-Name",
"description": "This policy ensures compliance of xyz", "description": "This policy ensures compliance of xyz",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "XYZ policy", "externalPolicyReference": "XYZ policy",
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", "compensatingControls":
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", 'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED", "state": "ENFORCED",
"tags": [ "tags": ["string"],
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": { "violationOwnerAssignmentConfig":
{
"assignmentRule": "MANAGER", "assignmentRule": "MANAGER",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name" "name": "Violation Owner Name",
} },
}, },
"scheduled": true, "scheduled": true,
"type": "CONFLICTING_ACCESS_BASED", "type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": { "conflictingAccessCriteria":
"leftCriteria": { {
"leftCriteria":
{
"name": "money-in", "name": "money-in",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66" "id": "2c9180866166b5b0016167c32ef31a66",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67" "id": "2c9180866166b5b0016167c32ef31a67",
}
]
}, },
"rightCriteria": { ],
},
"rightCriteria":
{
"name": "money-out", "name": "money-out",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68" "id": "2c9180866166b5b0016167c32ef31a68",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69" "id": "2c9180866166b5b0016167c32ef31a69",
} },
] ],
} },
} },
} }
General Policy: General Policy:
value: value:
{ {
"description": "Description", "description": "Description",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff", "id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "New policy", "externalPolicyReference": "New policy",
"policyQuery": "policy query implementation", "policyQuery": "policy query implementation",
@@ -93,15 +106,15 @@ post:
"creatorId": "2c918087682f9a86016839c05e8f1aff", "creatorId": "2c918087682f9a86016839c05e8f1aff",
"modifierId": null, "modifierId": null,
"violationOwnerAssignmentConfig": null, "violationOwnerAssignmentConfig": null,
"name": "General-Policy-Name" "name": "General-Policy-Name",
} }
responses: responses:
'201': "201":
description: SOD policy created description: SOD policy created
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/SodPolicy.yaml' $ref: "../schemas/SodPolicy.yaml"
examples: examples:
Conflicting Access Based Policy: Conflicting Access Based Policy:
value: value:
@@ -111,68 +124,83 @@ post:
"created": "2020-01-01T00:00:00.000000Z", "created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z", "modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz", "description": "This policy ensures compliance of xyz",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "XYZ policy", "externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", "policyQuery":
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", "@access(id:2c9180866166b5b0016167c32ef31a66 OR
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", id:2c9180866166b5b0016167c32ef31a67) AND
@access(id:2c9180866166b5b0016167c32ef31a68 OR
id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls":
'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED", "state": "ENFORCED",
"tags": [ "tags": ["string"],
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": { "violationOwnerAssignmentConfig":
{
"assignmentRule": "MANAGER", "assignmentRule": "MANAGER",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name" "name": "Violation Owner Name",
} },
}, },
"scheduled": true, "scheduled": true,
"type": "CONFLICTING_ACCESS_BASED", "type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": { "conflictingAccessCriteria":
"leftCriteria": { {
"leftCriteria":
{
"name": "money-in", "name": "money-in",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66" "id": "2c9180866166b5b0016167c32ef31a66",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67" "id": "2c9180866166b5b0016167c32ef31a67",
}
]
}, },
"rightCriteria": { ],
},
"rightCriteria":
{
"name": "money-out", "name": "money-out",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68" "id": "2c9180866166b5b0016167c32ef31a68",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69" "id": "2c9180866166b5b0016167c32ef31a69",
} },
] ],
} },
} },
} }
General Policy: General Policy:
value: value:
{ {
"description": "Description", "description": "Description",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff", "id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "New policy", "externalPolicyReference": "New policy",
"policyQuery": "policy query implementation", "policyQuery": "policy query implementation",
@@ -189,18 +217,18 @@ post:
"id": "52c11db4-733e-4c31-949a-766c95ec95f1", "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name", "name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z", "created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z" "modified": "2020-05-12T19:47:38Z",
} }
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"
get: get:
operationId: listSodPolicies operationId: listSodPolicies
tags: tags:
@@ -213,34 +241,34 @@ get:
Requires role of ORG_ADMIN Requires role of ORG_ADMIN
parameters: parameters:
- $ref: '../../v3/parameters/limit.yaml' - $ref: "../../v3/parameters/limit.yaml"
- $ref: '../../v3/parameters/offset.yaml' - $ref: "../../v3/parameters/offset.yaml"
- $ref: '../../v3/parameters/count.yaml' - $ref: "../../v3/parameters/count.yaml"
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filter results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators: Filtering is supported for the following fields and operators:
**id**: *eq* <br/> **id**: *eq* **name**: *eq* **state**: *eq*
**name**: *eq* <br/>
**state**: *eq*
example: id eq "bc693f07e7b645539626c25954c58554" example: id eq "bc693f07e7b645539626c25954c58554"
required: false required: false
responses: responses:
'200': "200":
description: List of all SOD Policies. description: List of all SOD Policies.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/SodPolicy.yaml' $ref: "../schemas/SodPolicy.yaml"
example: example:
[ [
{ {
@@ -249,66 +277,81 @@ get:
"created": "2020-01-01T00:00:00.000000Z", "created": "2020-01-01T00:00:00.000000Z",
"modified": "2020-01-01T00:00:00.000000Z", "modified": "2020-01-01T00:00:00.000000Z",
"description": "This policy ensures compliance of xyz", "description": "This policy ensures compliance of xyz",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "XYZ policy", "externalPolicyReference": "XYZ policy",
"policyQuery": "@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)", "policyQuery":
"compensatingControls": "Have a manager review the transaction decisions for their \"out of compliance\" employee", "@access(id:2c9180866166b5b0016167c32ef31a66 OR
"correctionAdvice": "Based on the role of the employee, managers should remove access that is not required for their job function.", id:2c9180866166b5b0016167c32ef31a67) AND
@access(id:2c9180866166b5b0016167c32ef31a68 OR
id:2c9180866166b5b0016167c32ef31a69)",
"compensatingControls":
'Have a manager review the transaction decisions for their
"out of compliance" employee',
"correctionAdvice":
"Based on the role of the employee, managers should remove
access that is not required for their job function.",
"state": "ENFORCED", "state": "ENFORCED",
"tags": [ "tags": ["string"],
"string"
],
"creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "creatorId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde", "modifierId": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"violationOwnerAssignmentConfig": { "violationOwnerAssignmentConfig":
{
"assignmentRule": "MANAGER", "assignmentRule": "MANAGER",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313", "id": "2c91808568c529c60168cca6f90c1313",
"name": "Violation Owner Name" "name": "Violation Owner Name",
} },
}, },
"scheduled": true, "scheduled": true,
"type": "CONFLICTING_ACCESS_BASED", "type": "CONFLICTING_ACCESS_BASED",
"conflictingAccessCriteria": { "conflictingAccessCriteria":
"leftCriteria": { {
"leftCriteria":
{
"name": "money-in", "name": "money-in",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a66" "id": "2c9180866166b5b0016167c32ef31a66",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a67" "id": "2c9180866166b5b0016167c32ef31a67",
}
]
}, },
"rightCriteria": { ],
},
"rightCriteria":
{
"name": "money-out", "name": "money-out",
"criteriaList": [ "criteriaList":
[
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a68" "id": "2c9180866166b5b0016167c32ef31a68",
}, },
{ {
"type": "ENTITLEMENT", "type": "ENTITLEMENT",
"id": "2c9180866166b5b0016167c32ef31a69" "id": "2c9180866166b5b0016167c32ef31a69",
} },
] ],
} },
} },
}, },
{ {
"description": "Description", "description": "Description",
"ownerRef": { "ownerRef":
{
"type": "IDENTITY", "type": "IDENTITY",
"id": "2c918087682f9a86016839c05e8f1aff", "id": "2c918087682f9a86016839c05e8f1aff",
"name": "Owner Name" "name": "Owner Name",
}, },
"externalPolicyReference": "New policy", "externalPolicyReference": "New policy",
"policyQuery": "policy query implementation", "policyQuery": "policy query implementation",
@@ -325,16 +368,16 @@ get:
"id": "52c11db4-733e-4c31-949a-766c95ec95f1", "id": "52c11db4-733e-4c31-949a-766c95ec95f1",
"name": "General-Policy-Name", "name": "General-Policy-Name",
"created": "2020-05-12T19:47:38Z", "created": "2020-05-12T19:47:38Z",
"modified": "2020-05-12T19:47:38Z" "modified": "2020-05-12T19:47:38Z",
} },
] ]
'400': "400":
$ref: '../../v3/responses/400.yaml' $ref: "../../v3/responses/400.yaml"
'401': "401":
$ref: '../../v3/responses/401.yaml' $ref: "../../v3/responses/401.yaml"
'403': "403":
$ref: '../../v3/responses/403.yaml' $ref: "../../v3/responses/403.yaml"
'429': "429":
$ref: '../../v3/responses/429.yaml' $ref: "../../v3/responses/429.yaml"
'500': "500":
$ref: '../../v3/responses/500.yaml' $ref: "../../v3/responses/500.yaml"

32
static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-get.yaml
View File

@@ -4,9 +4,11 @@ get:
- Auth Support Login - Auth Support Login
summary: Get an access granter support login record by granter tenant summary: Get an access granter support login record by granter tenant
description: >- description: >-
Fetch the auth support login record associated with the tenant requesting support (i.e., the tenant requesting support). To be invoked by the authTenant. </br> Fetch the auth support login record associated with the tenant requesting
</br> support (i.e., the tenant requesting support). To be invoked by the
Request will require the following security scope: </br> authTenant.
Request will require the following security scope:
**sp:auth-support-login:read** **sp:auth-support-login:read**
parameters: parameters:
- in: path - in: path
@@ -18,19 +20,19 @@ get:
type: string type: string
responses: responses:
'200': "200":
description: access granter support login response. description: access granter support login response.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml' $ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

49
static/api-specs/idn/beta/paths/supportlogin/access-granter-support-login-list.yaml
View File

@@ -4,46 +4,51 @@ get:
- Auth Support Login - Auth Support Login
summary: List access granter support login records summary: List access granter support login records
description: >- description: >-
Fetch the list of auth support login records that grant access to the auth tenant (i.e., the tenant providing support). To be invoked by the authTenant.</br> Fetch the list of auth support login records that grant access to the auth
</br> tenant (i.e., the tenant providing support). To be invoked by the
Request will require the following security scope: </br> authTenant. Request will require the following security scope:
**sp:auth-support-login:read** **sp:auth-support-login:read**
parameters: parameters:
- $ref: '../../../v3/parameters/limit.yaml' - $ref: "../../../v3/parameters/limit.yaml"
- $ref: '../../../v3/parameters/offset.yaml' - $ref: "../../../v3/parameters/offset.yaml"
- $ref: '../../../v3/parameters/count.yaml' - $ref: "../../../v3/parameters/count.yaml"
- in: query - in: query
name: sorters name: sorters
schema: schema:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Sorting is supported for the following fields: **accessGranterTenant, authUserName, role, expirationDate** Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **accessGranterTenant,
authUserName, role, expirationDate**
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**accessGranterTenant**: *eq, co, sw* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* accessGranterTenant eq "acme-solar", accessGranterTenant co "solar" Filtering is supported for the following fields and operators:
**accessGranterTenant**: *eq, co, sw* *Example:* accessGranterTenant eq
"acme-solar", accessGranterTenant co "solar"
responses: responses:
'200': "200":
description: list of access granter support login responses. description: list of access granter support login responses.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../../schemas/AccessGranterAuthSupportLoginResponse.yaml' $ref: "../../schemas/AccessGranterAuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

33
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-create.yaml
View File

@@ -3,9 +3,10 @@ tags:
- Auth Support Login - Auth Support Login
summary: Create auth support login record summary: Create auth support login record
description: >- description: >-
This request will create an auth support login record allowing the authTenant to be able to login as a support user into the tenant requesting support. </br> This request will create an auth support login record allowing the authTenant
</br> to be able to login as a support user into the tenant requesting support.
Request will require the following security scope: </br>
Request will require the following security scope:
**sp:auth-support-login:create** **sp:auth-support-login:create**
requestBody: requestBody:
@@ -14,21 +15,21 @@ requestBody:
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportLoginRequest.yaml' $ref: "../../schemas/AuthSupportLoginRequest.yaml"
responses: responses:
'200': "200":
description: Created auth support login record. description: Created auth support login record.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml' $ref: "../../schemas/AuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

30
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-delete.yaml
View File

@@ -3,10 +3,8 @@ tags:
- Auth Support Login - Auth Support Login
summary: Delete auth support login record by auth tenant summary: Delete auth support login record by auth tenant
description: >- description: >-
This request will delete an auth support login record. <br/> This request will delete an auth support login record. Request will require
</br> the following security scope: **sp:auth-support-login:delete**
Request will require the following security scope: </br>
**sp:auth-support-login:delete**
parameters: parameters:
- in: path - in: path
name: authTenant name: authTenant
@@ -16,15 +14,15 @@ parameters:
schema: schema:
type: string type: string
responses: responses:
'204': "204":
$ref: '../../../v3/responses/204.yaml' $ref: "../../../v3/responses/204.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

30
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-get.yaml
View File

@@ -3,9 +3,9 @@ tags:
- Auth Support Login - Auth Support Login
summary: Get auth support login record by auth tenant summary: Get auth support login record by auth tenant
description: >- description: >-
Fetch an auth support login record by an authorized auth tenant. </br> Fetch an auth support login record by an authorized auth tenant.
</br>
Request will require the following security scope: </br> Request will require the following security scope:
**sp:auth-support-login:read** **sp:auth-support-login:read**
parameters: parameters:
@@ -17,19 +17,19 @@ parameters:
schema: schema:
type: string type: string
responses: responses:
'200': "200":
description: auth support login response. description: auth support login response.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml' $ref: "../../schemas/AuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

48
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-list.yaml
View File

@@ -3,45 +3,49 @@ tags:
- Auth Support Login - Auth Support Login
summary: List auth support login records summary: List auth support login records
description: >- description: >-
Fetch list of auth support login records that the tenant has granted access to.</br> Fetch list of auth support login records that the tenant has granted access
</br> to. Request will require the following security scope:
Request will require the following security scope:</br>
**sp:auth-support-login:read** **sp:auth-support-login:read**
parameters: parameters:
- $ref: '../../../v3/parameters/limit.yaml' - $ref: "../../../v3/parameters/limit.yaml"
- $ref: '../../../v3/parameters/offset.yaml' - $ref: "../../../v3/parameters/offset.yaml"
- $ref: '../../../v3/parameters/count.yaml' - $ref: "../../../v3/parameters/count.yaml"
- in: query - in: query
name: sorters name: sorters
schema: schema:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Sorting is supported for the following fields: **authTenant, authUserName, role, expirationDate** Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **authTenant, authUserName,
role, expirationDate**
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**authTenant**: *eq, sw* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* authTenant eq "sailpoint", accessGranterTenant sw "sail" Filtering is supported for the following fields and operators:
**authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint",
accessGranterTenant sw "sail"
responses: responses:
'200': "200":
description: list of auth support login responses. description: list of auth support login responses.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../../schemas/AuthSupportLoginResponse.yaml' $ref: "../../schemas/AuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

38
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-patch.yaml
View File

@@ -3,11 +3,9 @@ tags:
- Auth Support Login - Auth Support Login
summary: Patch auth support login record by auth tenant summary: Patch auth support login record by auth tenant
description: >- description: >-
This request will patch an auth support login record. <br/> This request will patch an auth support login record. Patchable fields:
Patchable fields: **expirationDate** </br></br> **expirationDate** Request will require the following security
</br> scope: **sp:auth-support-login:update**
Request will require the following security scope: </br>
**sp:auth-support-login:update**
parameters: parameters:
- in: path - in: path
name: authTenant name: authTenant
@@ -17,32 +15,34 @@ parameters:
schema: schema:
type: string type: string
requestBody: requestBody:
description: A list of auth support login update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. description:
A list of auth support login update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard.
required: true required: true
content: content:
application/json-patch+json: application/json-patch+json:
schema: schema:
type: array type: array
items: items:
$ref: '../../schemas/JsonPatchOperation.yaml' $ref: "../../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/expirationDate" path: "/expirationDate"
value: "2030-08-23T18:00:00.000Z" value: "2030-08-23T18:00:00.000Z"
responses: responses:
'200': "200":
description: Updated auth support login record. description: Updated auth support login record.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportLoginResponse.yaml' $ref: "../../schemas/AuthSupportLoginResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

35
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-get.yaml
View File

@@ -3,9 +3,9 @@ tags:
- Auth Support Login - Auth Support Login
summary: Get auth support transfer status record by tenant summary: Get auth support transfer status record by tenant
description: >- description: >-
Fetches an auth support transfer status record by tenant. </br> Fetches an auth support transfer status record by tenant.
</br>
This request requires the following security scope: </br> This request requires the following security scope:
**sp:auth-support-login-transfer:read** **sp:auth-support-login-transfer:read**
parameters: parameters:
- in: path - in: path
@@ -16,19 +16,22 @@ parameters:
schema: schema:
type: string type: string
responses: responses:
'200': "200":
description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet. description:
Response containing the name of the tenant associated with an auth support
login access grant and an indication whether that tenant has been
transferred yet.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml' $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

42
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfer-post.yaml
View File

@@ -3,10 +3,11 @@ tags:
- Auth Support Login - Auth Support Login
summary: Transfer auth support login grant summary: Transfer auth support login grant
description: >- description: >-
Transfers an auth support login access grant for the specified tenant by setting the transferred field in the</br> Transfers an auth support login access grant for the specified tenant by
tenant's auth support transfer status record to "true" and deleting the tenant's initial auth support login record.</br> setting the transferred field in the tenant's auth support transfer status
</br> record to "true" and deleting the tenant's initial auth support login record.
This request requires the following security scope: </br>
This request requires the following security scope:
**sp:auth-support-login-transfer:update** **sp:auth-support-login-transfer:update**
parameters: parameters:
- in: path - in: path
@@ -17,21 +18,24 @@ parameters:
schema: schema:
type: string type: string
responses: responses:
'200': "200":
description: Response containing the name of the tenant associated with an auth support login access grant and an indication whether that tenant has been transferred yet. description:
Response containing the name of the tenant associated with an auth support
login access grant and an indication whether that tenant has been
transferred yet.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml' $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

46
static/api-specs/idn/beta/paths/supportlogin/auth-support-login-transfers-list.yaml
View File

@@ -4,45 +4,47 @@ get:
- Auth Support Login - Auth Support Login
summary: List auth support transfer status records summary: List auth support transfer status records
description: >- description: >-
Fetches a list of auth support transfer status records that indicate whether an auth support login has been transferred.</br> Fetches a list of auth support transfer status records that indicate whether
</br> an auth support login has been transferred. This request requires the
This request requires the following security scope:</br> following security scope: **sp:auth-support-login-transfer:read**
**sp:auth-support-login-transfer:read**
parameters: parameters:
- $ref: '../../../v3/parameters/limit.yaml' - $ref: "../../../v3/parameters/limit.yaml"
- $ref: '../../../v3/parameters/offset.yaml' - $ref: "../../../v3/parameters/offset.yaml"
- $ref: '../../../v3/parameters/count.yaml' - $ref: "../../../v3/parameters/count.yaml"
- in: query - in: query
name: sorters name: sorters
schema: schema:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **tenant** Sorting is supported for the following fields: **tenant**
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**transferred**: *eq* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* transferred eq false, transferred eq 0 Filtering is supported for the following fields and operators:
**transferred**: *eq* *Example:* transferred eq false, transferred eq 0
responses: responses:
'200': "200":
description: list of auth support transfer status responses. description: list of auth support transfer status responses.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../../schemas/AuthSupportTransferStatusResponse.yaml' $ref: "../../schemas/AuthSupportTransferStatusResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

45
static/api-specs/idn/beta/paths/supportlogin/auth-support-logins-migrate.yaml
View File

@@ -4,34 +4,37 @@ post:
- Auth Support Login - Auth Support Login
summary: Migrate auth support login records summary: Migrate auth support login records
description: >- description: >-
Migrates all the auth support login access grants from the specified auth tenant to the new auth tenant in the</br> Migrates all the auth support login access grants from the specified auth
request context, resulting in the new auth tenant having possession of all the old auth tenant's auth support</br> tenant to the new auth tenant in the request context, resulting in the new
login access grants and the old auth tenant no longer having any more auth support login access grants.</br> auth tenant having possession of all the old auth tenant's auth support
</br> login access grants and the old auth tenant no longer having any more auth
Because this is a highly privileged operation meant only to be executable by SailPoint DevOps,</br> support login access grants.
this request requires the following security scope: </br>
Because this is a highly privileged operation meant only to be executable by
SailPoint DevOps, this request requires the following security scope:
**sp:auth-support-login-transfer:update** **sp:auth-support-login-transfer:update**
parameters: parameters:
- in: path - in: path
name: oldAuthTenant name: oldAuthTenant
description: >- description: >-
The name of auth tenant whose auth support login access grants will be migrated to the calling auth tenant The name of auth tenant whose auth support login access grants will be
migrated to the calling auth tenant
example: acme-solar example: acme-solar
required: true required: true
schema: schema:
type: string type: string
responses: responses:
'202': "202":
$ref: '../../../v3/responses/202.yaml' $ref: "../../../v3/responses/202.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

42
static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-create.yaml
View File

@@ -3,13 +3,15 @@ tags:
- Auth Support Login - Auth Support Login
summary: Create auth support tenant record summary: Create auth support tenant record
description: >- description: >-
This request will create an auth support tenant record for the tenant making the call, making that tenant the auth This request will create an auth support tenant record for the tenant making
tenant in the new record. This new record will function as a prerequisite metadata reference for when a target tenant the call, making that tenant the auth tenant in the new record. This new
attempts to create an auth support login record that grants access to a particular auth tenant. record will function as a prerequisite metadata reference for when a target
Thus, a target tenant must name an auth tenant that exists within an auth support tenant record in order to tenant attempts to create an auth support login record that grants access to a
successfully create an auth support login record.</br> particular auth tenant. Thus, a target tenant must name an auth tenant that
</br> exists within an auth support tenant record in order to successfully create an
Request will require the following security scope: </br> auth support login record.
Request will require the following security scope:
**sp:auth-support-login:create** **sp:auth-support-login:create**
requestBody: requestBody:
@@ -18,21 +20,21 @@ requestBody:
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportTenantRequest.yaml' $ref: "../../schemas/AuthSupportTenantRequest.yaml"
responses: responses:
'200': "200":
description: Created auth support tenant record. description: Created auth support tenant record.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportTenantResponse.yaml' $ref: "../../schemas/AuthSupportTenantResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

25
static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-delete.yaml
View File

@@ -3,18 +3,17 @@ tags:
- Auth Support Login - Auth Support Login
summary: Delete all auth support tenant records for this tenant summary: Delete all auth support tenant records for this tenant
description: >- description: >-
This request will delete all auth support tenant records related to the requesting tenant. <br/> This request will delete all auth support tenant records related to the
</br> requesting tenant. Request will require the following security scope:
Request will require the following security scope: </br>
**sp:auth-support-login:delete** **sp:auth-support-login:delete**
responses: responses:
'204': "204":
$ref: '../../../v3/responses/204.yaml' $ref: "../../../v3/responses/204.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'404': "404":
$ref: '../../../v3/responses/404.yaml' $ref: "../../../v3/responses/404.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

45
static/api-specs/idn/beta/paths/supportlogin/auth-support-tenant-list.yaml
View File

@@ -3,45 +3,48 @@ tags:
- Auth Support Login - Auth Support Login
summary: List auth support tenant records summary: List auth support tenant records
description: >- description: >-
Fetch list of auth support tenant records that can be used as authTenant.</br> Fetch list of auth support tenant records that can be used as authTenant.
</br> Request will require the following security scope:
Request will require the following security scope:</br>
**sp:auth-support-login:read** **sp:auth-support-login:read**
parameters: parameters:
- $ref: '../../../v3/parameters/limit.yaml' - $ref: "../../../v3/parameters/limit.yaml"
- $ref: '../../../v3/parameters/offset.yaml' - $ref: "../../../v3/parameters/offset.yaml"
- $ref: '../../../v3/parameters/count.yaml' - $ref: "../../../v3/parameters/count.yaml"
- in: query - in: query
name: sorters name: sorters
schema: schema:
type: string type: string
format: comma-separated format: comma-separated
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **authTenant** Sorting is supported for the following fields: **authTenant**
- in: query - in: query
name: filters name: filters
schema: schema:
type: string type: string
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**authTenant**: *eq, sw* <br/><br/> Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
*Example:* authTenant eq "sailpoint", authTenant sw "sail" Filtering is supported for the following fields and operators:
**authTenant**: *eq, sw* *Example:* authTenant eq "sailpoint", authTenant
sw "sail"
responses: responses:
'200': "200":
description: list of auth support tenant responses. description: list of auth support tenant responses.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../../schemas/AuthSupportTenantResponse.yaml' $ref: "../../schemas/AuthSupportTenantResponse.yaml"
'400': "400":
$ref: '../../../v3/responses/400.yaml' $ref: "../../../v3/responses/400.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

34
static/api-specs/idn/beta/paths/supportlogin/auth-support-user-eligibility-get.yaml
View File

@@ -4,22 +4,26 @@ get:
- Auth Support Login - Auth Support Login
summary: Get a user's eligibility for support and services login summary: Get a user's eligibility for support and services login
description: >- description: >-
Fetch the auth support tenant record(s) associated with this user's tenant and check to see if the user belongs </br> Fetch the auth support tenant record(s) associated with this user's tenant
to any access roles allowed for performing support and services login </br> and check to see if the user belongs to any access roles allowed for
</br> performing support and services login
Request requires an authenticated user, but no specific scope is required for analysis of user eligibility.
Request requires an authenticated user, but no specific scope is required
for analysis of user eligibility.
responses: responses:
'200': "200":
description: Response containing a determination of whether or not the logged-in user is eligible to provide support to customers. description:
Response containing a determination of whether or not the logged-in user
is eligible to provide support to customers.
content: content:
application/json: application/json:
schema: schema:
$ref: '../../schemas/AuthSupportUserEligibilityResponse.yaml' $ref: "../../schemas/AuthSupportUserEligibilityResponse.yaml"
'401': "401":
$ref: '../../../v3/responses/401.yaml' $ref: "../../../v3/responses/401.yaml"
'403': "403":
$ref: '../../../v3/responses/403.yaml' $ref: "../../../v3/responses/403.yaml"
'429': "429":
$ref: '../../../v3/responses/429.yaml' $ref: "../../../v3/responses/429.yaml"
'500': "500":
$ref: '../../../v3/responses/500.yaml' $ref: "../../../v3/responses/500.yaml"

14
static/api-specs/idn/beta/schemas/TemplateDto.yaml
View File

@@ -22,16 +22,18 @@ properties:
example: "en" example: "en"
subject: subject:
type: string type: string
example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." example:
"You have $numberOfPendingTasks $taskTasks to complete in
${__global.productName}."
header: header:
type: string type: string
example: "Dear $__recipient.name,<br/>" example: "Dear $__recipient.name,"
body: body:
type: string type: string
example: "Please go to the task manager" example: "Please go to the task manager"
footer: footer:
type: string type: string
example: "<br/>Thanks,<br/> The $__global.productName Team<br/>" example: "Thanks, The $__global.productName Team"
from: from:
type: string type: string
example: "$__global.emailFromAddress" example: "$__global.emailFromAddress"
@@ -40,7 +42,8 @@ properties:
example: "$__global.emailFromAddress" example: "$__global.emailFromAddress"
description: description:
type: string type: string
example: "Daily digest - sent if number of outstanding tasks for task owner > 0" example:
"Daily digest - sent if number of outstanding tasks for task owner > 0"
id: id:
type: string type: string
example: "c17bea3a-574d-453c-9e04-4365fbf5af0b" example: "c17bea3a-574d-453c-9e04-4365fbf5af0b"
@@ -53,7 +56,8 @@ properties:
modified: modified:
type: string type: string
format: date-time format: date-time
description: The time when this template was last modified. This is auto-generated. description:
The time when this template was last modified. This is auto-generated.
example: "2020-01-01T00:00:00.000000Z" example: "2020-01-01T00:00:00.000000Z"
required: required:
- key - key

11
static/api-specs/idn/beta/schemas/TemplateDtoDefault.yaml
View File

@@ -22,16 +22,18 @@ properties:
example: "en" example: "en"
subject: subject:
type: string type: string
example: "You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}." example:
"You have $numberOfPendingTasks $taskTasks to complete in
${__global.productName}."
header: header:
type: string type: string
example: "Dear $__recipient.name,<br/>" example: "Dear $__recipient.name,"
body: body:
type: string type: string
example: "Please go to the task manager" example: "Please go to the task manager"
footer: footer:
type: string type: string
example: "<br/>Thanks,<br/> The $__global.productName Team<br/>" example: "Thanks, The $__global.productName Team"
from: from:
type: string type: string
example: "$__global.emailFromAddress" example: "$__global.emailFromAddress"
@@ -40,4 +42,5 @@ properties:
example: "$__global.emailFromAddress" example: "$__global.emailFromAddress"
description: description:
type: string type: string
example: "Daily digest - sent if number of outstanding tasks for task owner > 0" example:
"Daily digest - sent if number of outstanding tasks for task owner > 0"

15
static/api-specs/idn/v3/paths/non-employee-approval-list.yaml
View File

@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get List of Non-Employee Approval Requests summary: Get List of Non-Employee Approval Requests
description: >- description: >-
This gets a list of non-employee approval requests.<br><br> This gets a list of non-employee approval requests.
There are two contextual uses for this endpoint:<br> There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they 1. The user has the role context of `idn:nesr:read`, in which case they
can list the approvals for any approver.<br> can list the approvals for any approver.
2. The user owns the requested approval. 2. The user owns the requested approval.
parameters: parameters:
- in: query - in: query
@@ -32,10 +32,9 @@ get:
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Filter results using the standard syntax described in [V3 API Standard
Collection Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/> Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:<br/><br/> Filtering is supported for the following fields and operators:
**approvalStatus**: *eq* <br/><br/> *Example:* approvalStatus eq **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"
"PENDING"
example: approvalStatus eq "Pending" example: approvalStatus eq "Pending"
required: false required: false
- in: query - in: query
@@ -46,7 +45,7 @@ get:
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Sort results using the standard syntax described in [V3 API Standard
Collection Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/> Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, modified** Sorting is supported for the following fields: **created, modified**
required: false required: false
example: created example: created

7
static/api-specs/idn/v3/paths/non-employee-approval-summary.yaml
View File

@@ -6,12 +6,11 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Approval Requests summary: Get Summary of Non-Employee Approval Requests
description: >- description: >-
This request will retrieve a summary of non-employee approval This request will retrieve a summary of non-employee approval requests.
requests.<br><br> There are two contextual uses for the `requested-for` path There are two contextual uses for the `requested-for` path parameter:
parameter:<br>
1. The user has the role context of `idn:nesr:read`, in which case he or 1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to she may request a summary of all non-employee approval requests assigned to
a particular approver by passing in that approver's id.<br> a particular approver by passing in that approver's id.
2. The current user is an approver, in which case "me" should be provided 2. The current user is an approver, in which case "me" should be provided
as the `requested-for` value. This will provide the approver with a summary as the `requested-for` value. This will provide the approver with a summary
of the approval items assigned to him or her. of the approval items assigned to him or her.

6
static/api-specs/idn/v3/paths/non-employee-approve-get.yaml
View File

@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get a non-employee approval item detail summary: Get a non-employee approval item detail
description: >- description: >-
Gets a non-employee approval item detail.<br><br> There are two contextual Gets a non-employee approval item detail. There are two contextual uses for
uses for this endpoint:<br> this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they 1. The user has the role context of `idn:nesr:read`, in which case they
can get any approval.<br> can get any approval.
2. The user owns the requested approval. 2. The user owns the requested approval.
parameters: parameters:
- in: path - in: path

4
static/api-specs/idn/v3/paths/non-employee-approve-request.yaml
View File

@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Approve a Non-Employee Request summary: Approve a Non-Employee Request
description: >- description: >-
Approves a non-employee approval request and notifies the next Approves a non-employee approval request and notifies the next approver. The
approver.<br><br> The current user must be the requested approver. current user must be the requested approver.
parameters: parameters:
- in: path - in: path
name: id name: id

8
static/api-specs/idn/v3/paths/non-employee-bulk-upload-jobs-fail.yaml
View File

@@ -7,16 +7,16 @@ post:
summary: Fail Bulk Upload summary: Fail Bulk Upload
description: | description: |
This API does not stop the job. It flags the job as failed. The job continues to run if it was This API does not stop the job. It flags the job as failed. The job continues to run if it was
running when the API was invoked.<br><br> running when the API was invoked.
Before you submit this request, verify the transaction is actually failed in Kibana. When Before you submit this request, verify the transaction is actually failed in Kibana. When
the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed. <br><br> the NON_EMPLOYEE_CREATE_PASSED events have stopped, then the job is completed.
Important: This API does not stop the job, it flags the job as failed. The job continues to run if Important: This API does not stop the job, it flags the job as failed. The job continues to run if
the it was running when the API was invoked. If invoked while the transaction is still running, the it was running when the API was invoked. If invoked while the transaction is still running,
other jobs are allowed to start but the second job to start will fail. <br><br> other jobs are allowed to start but the second job to start will fail.
Requires role context of `idn:nesr:update`. <br><br> Requires role context of `idn:nesr:update`.
This is for internal use only. This is for internal use only.
parameters: parameters:

16
static/api-specs/idn/v3/paths/non-employee-record.yaml
View File

@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get a Non-Employee Record summary: Get a Non-Employee Record
description: >- description: >-
This gets a non-employee record.<br><br> This gets a non-employee record.
Requires role context of `idn:nesr:read` Requires role context of `idn:nesr:read`
parameters: parameters:
@@ -43,10 +43,10 @@ put:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Update Non-Employee Record summary: Update Non-Employee Record
description: >- description: >-
This request will update a non-employee record.<br><br> There are two This request will update a non-employee record. There are two
contextual uses for this endpoint:<br> contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they 1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.<br> update all available fields.
2. The user is owner of the source, in this case they can only update the 2. The user is owner of the source, in this case they can only update the
end date. end date.
parameters: parameters:
@@ -95,10 +95,10 @@ patch:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Patch Non-Employee Record summary: Patch Non-Employee Record
description: >- description: >-
This request will patch a non-employee record.<br><br> There are two This request will patch a non-employee record. There are two
contextual uses for this endpoint:<br> contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:update`, in which case they 1. The user has the role context of `idn:nesr:update`, in which case they
update all available fields.<br> update all available fields.
2. The user is owner of the source, in this case they can only update the 2. The user is owner of the source, in this case they can only update the
end date. end date.
parameters: parameters:
@@ -154,7 +154,7 @@ delete:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Delete Non-Employee Record summary: Delete Non-Employee Record
description: >- description: >-
This request will delete a non-employee record.<br><br> This request will delete a non-employee record.
Requires role context of `idn:nesr:delete` Requires role context of `idn:nesr:delete`
parameters: parameters:

3
static/api-specs/idn/v3/paths/non-employee-records-bulk-delete.yaml
View File

@@ -7,8 +7,7 @@ post:
summary: Delete Multiple Non-Employee Records summary: Delete Multiple Non-Employee Records
description: >- description: >-
This request will delete multiple non-employee records based on the This request will delete multiple non-employee records based on the
non-employee ids provided.<br><br> Requires role context of non-employee ids provided. Requires role context of `idn:nesr:delete`
`idn:nesr:delete`
requestBody: requestBody:
description: Non-Employee bulk delete request body. description: Non-Employee bulk delete request body.
required: true required: true

82
static/api-specs/idn/v3/paths/non-employee-records.yaml
View File

@@ -6,7 +6,7 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Create Non-Employee Record summary: Create Non-Employee Record
description: >- description: >-
This request will create a non-employee record.<br><br> This request will create a non-employee record.
Requires role context of `idn:nesr:create` Requires role context of `idn:nesr:create`
requestBody: requestBody:
@@ -15,24 +15,24 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeRequestBody.yaml' $ref: "../schemas/non-employee/NonEmployeeRequestBody.yaml"
responses: responses:
'200': "200":
description: Created non-employee record. description: Created non-employee record.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeRecord.yaml' $ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
get: get:
operationId: nonEmployeeRecordList operationId: nonEmployeeRecordList
security: security:
@@ -41,14 +41,14 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: List Non-Employee Records summary: List Non-Employee Records
description: >- description: >-
This gets a list of non-employee records.<br><br> This gets a list of non-employee records.
There are two contextual uses for this endpoint:<br> There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.<br> 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.
2. The user is an account manager, in which case they can get a list of the non-employees that they manage. 2. The user is an account manager, in which case they can get a list of the non-employees that they manage.
parameters: parameters:
- $ref: '../parameters/limit.yaml' - $ref: "../parameters/limit.yaml"
- $ref: '../parameters/offset.yaml' - $ref: "../parameters/offset.yaml"
- $ref: '../parameters/count.yaml' - $ref: "../parameters/count.yaml"
- in: query - in: query
name: sorters name: sorters
required: false required: false
@@ -57,8 +57,12 @@ get:
format: comma-separated format: comma-separated
example: accountName,sourceId example: accountName,sourceId
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified** Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **id, accountName,
sourceId, manager, firstName, lastName, email, phone, startDate,
endDate, created, modified**
- in: query - in: query
name: filters name: filters
required: false required: false
@@ -66,26 +70,28 @@ get:
type: string type: string
example: sourceId eq "2c91808568c529c60168cca6f90c1313" example: sourceId eq "2c91808568c529c60168cca6f90c1313"
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/> Filter results using the standard syntax described in [V3 API Standard
Filtering is supported for the following fields and operators:<br/><br/> Collection
**sourceId**: *eq* <br/><br/> Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
*Example:* sourceId eq "2c91808568c529c60168cca6f90c1313" Filtering is supported for the following fields and operators:
**sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313"
responses: responses:
'200': "200":
description: Non-Employee record objects description: Non-Employee record objects
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/non-employee/NonEmployeeRecord.yaml' $ref: "../schemas/non-employee/NonEmployeeRecord.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

4
static/api-specs/idn/v3/paths/non-employee-reject-request.yaml
View File

@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Reject a Non-Employee Request summary: Reject a Non-Employee Request
description: >- description: >-
This endpoint will reject an approval item request and notify user.<br><br> This endpoint will reject an approval item request and notify user. The
The current user must be the requested approver. current user must be the requested approver.
parameters: parameters:
- in: path - in: path
name: id name: id

6
static/api-specs/idn/v3/paths/non-employee-request-summary-get.yaml
View File

@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get Summary of Non-Employee Requests summary: Get Summary of Non-Employee Requests
description: >- description: >-
This request will retrieve a summary of non-employee requests.<br><br> There This request will retrieve a summary of non-employee requests. There are two
are two contextual uses for the `requested-for` path parameter:<br> contextual uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or 1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a summary of all non-employee approval requests assigned to she may request a summary of all non-employee approval requests assigned to
a particular account manager by passing in that manager's id.<br> a particular account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be 2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a provided as the `requested-for` value. This will provide the user with a
summary of the non-employee requests in the source(s) he or she manages. summary of the non-employee requests in the source(s) he or she manages.

8
static/api-specs/idn/v3/paths/non-employee-request.yaml
View File

@@ -6,11 +6,11 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get a Non-Employee Request summary: Get a Non-Employee Request
description: >- description: >-
This gets a non-employee request.<br><br> This gets a non-employee request.
There are two contextual uses for this endpoint:<br> There are two contextual uses for this endpoint:
1. The user has the role context of `idn:nesr:read`, in this case the user 1. The user has the role context of `idn:nesr:read`, in this case the user
can get the non-employee request for any user.<br> can get the non-employee request for any user.
2. The user must be the owner of the non-employee request. 2. The user must be the owner of the non-employee request.
parameters: parameters:
- in: path - in: path
@@ -48,7 +48,7 @@ delete:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Delete Non-Employee Request summary: Delete Non-Employee Request
description: >- description: >-
This request will delete a non-employee request.<br><br> This request will delete a non-employee request.
Requires role context of `idn:nesr:delete` Requires role context of `idn:nesr:delete`
parameters: parameters:

19
static/api-specs/idn/v3/paths/non-employee-requests.yaml
View File

@@ -6,9 +6,8 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Create Non-Employee Request summary: Create Non-Employee Request
description: >- description: >-
This request will create a non-employee request and notify the This request will create a non-employee request and notify the approver.
approver.<br><br> Requires role context of `idn:nesr:create` or the user Requires role context of `idn:nesr:create` or the user must own the source.
must own the source.
requestBody: requestBody:
description: Non-Employee creation request body description: Non-Employee creation request body
required: true required: true
@@ -66,11 +65,11 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: List Non-Employee Requests summary: List Non-Employee Requests
description: >- description: >-
This gets a list of non-employee requests.<br><br> There are two contextual This gets a list of non-employee requests. There are two contextual
uses for the `requested-for` path parameter:<br> uses for the `requested-for` path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or 1. The user has the role context of `idn:nesr:read`, in which case he or
she may request a list non-employee requests assigned to a particular she may request a list non-employee requests assigned to a particular
account manager by passing in that manager's id.<br> account manager by passing in that manager's id.
2. The current user is an account manager, in which case "me" should be 2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a provided as the `requested-for` value. This will provide the user with a
list of the non-employee requests in the source(s) he or she manages. list of the non-employee requests in the source(s) he or she manages.
@@ -97,7 +96,7 @@ get:
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Sort results using the standard syntax described in [V3 API Standard
Collection Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/> Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **created, Sorting is supported for the following fields: **created,
approvalStatus, firstName, lastName, email, phone, accountName, approvalStatus, firstName, lastName, email, phone, accountName,
startDate, endDate** startDate, endDate**
@@ -110,9 +109,9 @@ get:
description: >- description: >-
Filter results using the standard syntax described in [V3 API Standard Filter results using the standard syntax described in [V3 API Standard
Collection Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)<br/><br/> Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407)
Filtering is supported for the following fields and operators:<br/><br/> Filtering is supported for the following fields and operators:
**sourceId**: *eq* <br/><br/> *Example:* sourceId eq **sourceId**: *eq* *Example:* sourceId eq
"2c91808568c529c60168cca6f90c1313" "2c91808568c529c60168cca6f90c1313"
responses: responses:
"200": "200":

2
static/api-specs/idn/v3/paths/non-employee-source-aggregate.yaml
View File

@@ -7,7 +7,7 @@ post:
summary: Aggregate all accounts for a Non-Employee Source summary: Aggregate all accounts for a Non-Employee Source
description: >- description: >-
This fetches all the non-employee records related to a non-employee source This fetches all the non-employee records related to a non-employee source
and publishes an aggregation event for each one.<br><br> and publishes an aggregation event for each one.
Requires auth scope of 'idn:nesr:create' Requires auth scope of 'idn:nesr:create'
parameters: parameters:

10
static/api-specs/idn/v3/paths/non-employee-source.yaml
View File

@@ -6,10 +6,10 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get a Non-Employee Source summary: Get a Non-Employee Source
description: >- description: >-
This gets a non-employee source.<br><br> There are two contextual uses for This gets a non-employee source. There are two contextual uses for the
the requested-for path parameter: <br> requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or 1. The user has the role context of `idn:nesr:read`, in which case he or
she may request any source.<br> she may request any source.
2. The current user is an account manager, in which case the user can only 2. The current user is an account manager, in which case the user can only
request sources that they own. request sources that they own.
parameters: parameters:
@@ -47,7 +47,7 @@ patch:
summary: Patch a Non-Employee Source summary: Patch a Non-Employee Source
description: >- description: >-
patch a non-employee source. (partial update) <br/> Patchable field: **name, patch a non-employee source. (partial update) <br/> Patchable field: **name,
description, approvers, accountManagers**<br><br> Requires role context of description, approvers, accountManagers** Requires role context of
`idn:nesr:update`. `idn:nesr:update`.
parameters: parameters:
- in: path - in: path
@@ -105,7 +105,7 @@ delete:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Delete Non-Employee Source summary: Delete Non-Employee Source
description: >- description: >-
This request will delete a non-employee source.<br><br> Requires role This request will delete a non-employee source. Requires role
context of `idn:nesr:delete`. context of `idn:nesr:delete`.
parameters: parameters:
- in: path - in: path

4
static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-details.yaml
View File

@@ -6,9 +6,9 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Details of bulk upload job on source summary: Details of bulk upload job on source
description: | description: |
This API returns the details of the newest bulk upload job for the specified source.<br><br> This API returns the details of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read`<br><br> Requires role context of `idn:nesr:read`
This is for internal use only. This is for internal use only.
parameters: parameters:

4
static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-non-employees.yaml
View File

@@ -6,8 +6,8 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Imports, or Updates, Non-Employee Records summary: Imports, or Updates, Non-Employee Records
description: >- description: >-
This post will import, or update, Non-Employee records found in the This post will import, or update, Non-Employee records found in the CSV.
CSV.<br><br> Requires role context of `idn:nesr:create` Requires role context of `idn:nesr:create`
parameters: parameters:
- in: path - in: path
name: id name: id

2
static/api-specs/idn/v3/paths/non-employee-sources-bulk-upload-status.yaml
View File

@@ -6,7 +6,7 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Obtain the status of bulk upload on the source summary: Obtain the status of bulk upload on the source
description: | description: |
The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.<br><br> The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.
Requires role context of `idn:nesr:read` Requires role context of `idn:nesr:read`
parameters: parameters:
- in: path - in: path

4
static/api-specs/idn/v3/paths/non-employee-sources-export-non-employees.yaml
View File

@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Exports Non-Employee Records to CSV summary: Exports Non-Employee Records to CSV
description: >- description: >-
This requests a CSV download for all non-employees from a provided This requests a CSV download for all non-employees from a provided source.
source.<br><br> Requires role context of `idn:nesr:read` Requires role context of `idn:nesr:read`
parameters: parameters:
- in: path - in: path
name: id name: id

30
static/api-specs/idn/v3/paths/non-employee-sources-export-schema-attributes-template.yaml
View File

@@ -6,8 +6,8 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Exports Source Schema Template summary: Exports Source Schema Template
description: >- description: >-
This requests a download for the Source Schema Template for a provided source.<br><br> This requests a download for the Source Schema Template for a provided
Requires role context of `idn:nesr:read` source. Requires role context of `idn:nesr:read`
parameters: parameters:
- in: path - in: path
name: id name: id
@@ -18,21 +18,21 @@ get:
schema: schema:
type: string type: string
responses: responses:
'200': "200":
description: Exported Source Schema Template description: Exported Source Schema Template
content: content:
text/csv: text/csv:
example: | example: |
accountName,firstName,lastName,phone,email,manager,startDate,endDate accountName,firstName,lastName,phone,email,manager,startDate,endDate
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'404': "404":
$ref: '../responses/404.yaml' $ref: "../responses/404.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

94
static/api-specs/idn/v3/paths/non-employee-sources-schema-attribute.yaml
View File

@@ -6,8 +6,9 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Get Schema Attribute Non-Employee Source summary: Get Schema Attribute Non-Employee Source
description: >- description: >-
This API gets a schema attribute by Id for the specified Non-Employee SourceId.<br><br> This API gets a schema attribute by Id for the specified Non-Employee
Requires role context of `idn:nesr:read` or the user must be an account manager of the source. SourceId. Requires role context of `idn:nesr:read` or the user must be an
account manager of the source.
parameters: parameters:
- in: path - in: path
name: attributeId name: attributeId
@@ -24,22 +25,22 @@ get:
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
description: The Source id description: The Source id
responses: responses:
'200': "200":
description: The Schema Attribute description: The Schema Attribute
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml' $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
patch: patch:
operationId: patchSchemaAttribute operationId: patchSchemaAttribute
# security: # security:
@@ -48,7 +49,7 @@ patch:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Patch a Schema Attribute for Non-Employee Source summary: Patch a Schema Attribute for Non-Employee Source
description: | description: |
This end-point patches a specific schema attribute for a non-employee SourceId.<br><br> This end-point patches a specific schema attribute for a non-employee SourceId.
Requires role context of `idn:nesr:update` Requires role context of `idn:nesr:update`
parameters: parameters:
- in: path - in: path
@@ -66,38 +67,41 @@ patch:
description: The Source id description: The Source id
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
requestBody: requestBody:
description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. description:
The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'. A list of schema attribute update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard. The following
properties are allowed for update ':' 'label', 'helpText', 'placeholder',
'required'.
content: content:
application/json-patch+json: application/json-patch+json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/JsonPatchOperation.yaml' $ref: "../schemas/JsonPatchOperation.yaml"
example: example:
- op: "replace" - op: "replace"
path: "/label" path: "/label"
value: { "new attribute label" } value: { "new attribute label" }
required: true required: true
responses: responses:
'200': "200":
description: The Schema Attribute was successfully patched. description: The Schema Attribute was successfully patched.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml' $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'404': "404":
$ref: '../responses/404.yaml' $ref: "../responses/404.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
delete: delete:
operationId: deleteSchemaAttribute operationId: deleteSchemaAttribute
# security: # security:
@@ -106,7 +110,7 @@ delete:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Delete a Schema Attribute for Non-Employee Source summary: Delete a Schema Attribute for Non-Employee Source
description: | description: |
This end-point deletes a specific schema attribute for a non-employee source.<br><br> This end-point deletes a specific schema attribute for a non-employee source.
Requires role context of `idn:nesr:delete` Requires role context of `idn:nesr:delete`
parameters: parameters:
- in: path - in: path
@@ -124,16 +128,16 @@ delete:
description: The Source id description: The Source id
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
responses: responses:
'204': "204":
$ref: '../responses/204.yaml' $ref: "../responses/204.yaml"
description: The Schema Attribute was successfully deleted. description: The Schema Attribute was successfully deleted.
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

84
static/api-specs/idn/v3/paths/non-employee-sources-schema-attributes.yaml
View File

@@ -8,7 +8,7 @@ get:
description: This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 description: This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8
mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can
add up to 10 custom attributes. This interface returns all the mandatory attributes followed by add up to 10 custom attributes. This interface returns all the mandatory attributes followed by
any custom attributes. At most, a total of 18 attributes will be returned.<br><br> any custom attributes. At most, a total of 18 attributes will be returned.
Requires role context of `idn:nesr:read` or the user must be an account manager of the source. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.
parameters: parameters:
@@ -20,27 +20,27 @@ get:
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
description: The Source id description: The Source id
responses: responses:
'200': "200":
description: A list of Schema Attributes description: A list of Schema Attributes
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml' $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
maxItems: 18 maxItems: 18
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'404': "404":
$ref: '../responses/404.yaml' $ref: "../responses/404.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
post: post:
operationId: createSchemaAttribute operationId: createSchemaAttribute
# security: # security:
@@ -52,7 +52,7 @@ post:
This API creates a new schema attribute for Non-Employee Source. The schema technical name must be This API creates a new schema attribute for Non-Employee Source. The schema technical name must be
unique in the source. Attempts to create a schema attribute with an existing name will result in a unique in the source. Attempts to create a schema attribute with an existing name will result in a
"400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts
to create more than 10 will result in a "400.1.4 Limit violation" response.<br><br> to create more than 10 will result in a "400.1.4 Limit violation" response.
Requires role context of `idn:nesr:create` Requires role context of `idn:nesr:create`
parameters: parameters:
@@ -68,25 +68,25 @@ post:
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml' $ref: "../schemas/non-employee/NonEmployeeSchemaAttributeBody.yaml"
responses: responses:
'200': "200":
description: >- description: >-
Schema Attribute created. Schema Attribute created.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSchemaAttribute.yaml' $ref: "../schemas/non-employee/NonEmployeeSchemaAttribute.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
delete: delete:
operationId: deleteSchemaAttributes operationId: deleteSchemaAttributes
# security: # security:
@@ -95,7 +95,7 @@ delete:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Delete all custom schema attributes for Non-Employee Source summary: Delete all custom schema attributes for Non-Employee Source
description: >- description: >-
This end-point deletes all custom schema attributes for a non-employee source.<br><br> This end-point deletes all custom schema attributes for a non-employee source.
Requires role context of `idn:nesr:delete` Requires role context of `idn:nesr:delete`
parameters: parameters:
- in: path - in: path
@@ -106,16 +106,16 @@ delete:
description: The Source id description: The Source id
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
responses: responses:
'204': "204":
$ref: '../responses/204.yaml' $ref: "../responses/204.yaml"
description: All custon Schema Attributes were successfully deleted. description: All custon Schema Attributes were successfully deleted.
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

81
static/api-specs/idn/v3/paths/non-employee-sources.yaml
View File

@@ -6,32 +6,31 @@ post:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: Create Non-Employee Source summary: Create Non-Employee Source
description: >- description: >-
This request will create a non-employee source.<br><br> This request will create a non-employee source. Requires role context of `idn:nesr:create`
Requires role context of `idn:nesr:create`
requestBody: requestBody:
description: Non-Employee source creation request body. description: Non-Employee source creation request body.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSourceRequestBody.yaml' $ref: "../schemas/non-employee/NonEmployeeSourceRequestBody.yaml"
responses: responses:
'200': "200":
description: Created non-employee source. description: Created non-employee source.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml' $ref: "../schemas/non-employee/NonEmployeeSourceWithCloudExternalId.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
get: get:
operationId: nonEmployeeSourcesList operationId: nonEmployeeSourcesList
security: security:
@@ -40,14 +39,18 @@ get:
- Non-Employee Lifecycle Management - Non-Employee Lifecycle Management
summary: List Non-Employee Sources summary: List Non-Employee Sources
description: >- description: >-
This gets a list of non-employee sources.<br><br> This gets a list of non-employee sources. There are two contextual uses for
There are two contextual uses for the requested-for path parameter: <br> the requested-for path parameter:
1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list sources assigned to a particular account manager by passing in that manager's id.<br> 1. The user has the role context of `idn:nesr:read`, in which case he or
2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns. she may request a list sources assigned to a particular account manager by
passing in that manager's id.
2. The current user is an account manager, in which case "me" should be
provided as the `requested-for` value. This will provide the user with a
list of the sources that he or she owns.
parameters: parameters:
- $ref: '../parameters/limit.yaml' - $ref: "../parameters/limit.yaml"
- $ref: '../parameters/offset.yaml' - $ref: "../parameters/offset.yaml"
- $ref: '../parameters/count.yaml' - $ref: "../parameters/count.yaml"
- in: query - in: query
name: requested-for name: requested-for
required: true required: true
@@ -55,7 +58,8 @@ get:
type: string type: string
example: me example: me
description: >- description: >-
The identity for whom the request was made. *me* indicates the current user. The identity for whom the request was made. *me* indicates the current
user.
- in: query - in: query
name: non-employee-count name: non-employee-count
required: false required: false
@@ -63,7 +67,8 @@ get:
schema: schema:
type: boolean type: boolean
description: >- description: >-
The flag to determine whether return a non-employee count associate with source. The flag to determine whether return a non-employee count associate with
source.
- in: query - in: query
name: sorters name: sorters
required: false required: false
@@ -72,24 +77,26 @@ get:
format: comma-separated format: comma-separated
example: "name,created" example: "name,created"
description: >- description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)<br/><br/> Sort results using the standard syntax described in [V3 API Standard
Collection
Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949)
Sorting is supported for the following fields: **name, created** Sorting is supported for the following fields: **name, created**
responses: responses:
'200': "200":
description: List of non-employee sources objects. description: List of non-employee sources objects.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/non-employee/NonEmployeeSourceWithNECount.yaml' $ref: "../schemas/non-employee/NonEmployeeSourceWithNECount.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

40
static/api-specs/idn/v3/paths/personal-access-token.yaml
View File

@@ -4,14 +4,14 @@ delete:
- Personal Access Tokens - Personal Access Tokens
summary: Delete Personal Access Token summary: Delete Personal Access Token
description: >- description: >-
This deletes a personal access token </br> This deletes a personal access token
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:delete</li> - idn:my-personal-access-tokens:delete
<li>idn:all-personal-access-tokens:delete</li> - idn:all-personal-access-tokens:delete
<li>idn:managed-personal-access-tokens:delete</li> - idn:managed-personal-access-tokens:delete
</ul>
parameters: parameters:
- in: path - in: path
name: id name: id
@@ -21,17 +21,17 @@ delete:
description: The personal access token id description: The personal access token id
example: ef38f94347e94562b5bb8424a56397d8 example: ef38f94347e94562b5bb8424a56397d8
responses: responses:
'204': "204":
description: No content. description: No content.
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'404': "404":
$ref: '../responses/404.yaml' $ref: "../responses/404.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

100
static/api-specs/idn/v3/paths/personal-access-tokens.yaml
View File

@@ -4,27 +4,27 @@ get:
- Personal Access Tokens - Personal Access Tokens
summary: List Personal Access Tokens summary: List Personal Access Tokens
description: >- description: >-
This gets a collection of personal access tokens associated with the optional <code>owner-id</code>. </br> This gets a collection of personal access tokens associated with the optional `owner-id`.
query parameter. If the <code>owner-id</code> query parameter is omitted, all personal access tokens </br> query parameter. If the `owner-id` query parameter is omitted, all personal access tokens
for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. </br> for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right.
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:read</li> - idn:my-personal-access-tokens:read
<li>idn:all-personal-access-tokens:read</li> - idn:all-personal-access-tokens:read
<li>idn:managed-personal-access-tokens:read</li> - idn:managed-personal-access-tokens:read
</ul>
parameters: parameters:
- in: query - in: query
name: owner-id name: owner-id
description: >- description: >-
The identity ID of the owner whose personal access tokens should be listed. </br> The identity ID of the owner whose personal access tokens should be listed.
If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'</br> If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read'
</br>
If an actual owner ID or if the <code>owner-id</code> parameter is omitted in the request, </br> If an actual owner ID or if the `owner-id` parameter is omitted in the request,
the caller should have the following right: 'idn:all-personal-access-tokens:read'. </br> the caller should have the following right: 'idn:all-personal-access-tokens:read'.
</br>
If the caller has the following right, then managed personal access tokens associated with <code>owner-id</code> </br> If the caller has the following right, then managed personal access tokens associated with `owner-id`
will be retrieved: 'idn:managed-personal-access-tokens:read' will be retrieved: 'idn:managed-personal-access-tokens:read'
required: false required: false
schema: schema:
@@ -32,59 +32,61 @@ get:
default: null default: null
example: 2c9180867b50d088017b554662fb281e example: 2c9180867b50d088017b554662fb281e
responses: responses:
'200': "200":
description: List of personal access tokens. description: List of personal access tokens.
content: content:
application/json: application/json:
schema: schema:
type: array type: array
items: items:
$ref: '../schemas/GetPersonalAccessTokenResponse.yaml' $ref: "../schemas/GetPersonalAccessTokenResponse.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"
post: post:
operationId: createPersonalAccessToken operationId: createPersonalAccessToken
tags: tags:
- Personal Access Tokens - Personal Access Tokens
summary: Create Personal Access Token summary: Create Personal Access Token
description: >- description: >-
This creates a personal access token. </br> This creates a personal access token.
</br>
Any of the following rights are required to access this resource: Any of the following rights are required to access this resource:
<ul>
<li>idn:my-personal-access-tokens:create</li> - idn:my-personal-access-tokens:create
<li>idn:all-personal-access-tokens:create</li> - idn:all-personal-access-tokens:create
<li>idn:managed-personal-access-tokens:create</li> - idn:managed-personal-access-tokens:create
</ul>
requestBody: requestBody:
description: Name and scope of personal access token. description: Name and scope of personal access token.
required: true required: true
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/CreatePersonalAccessTokenRequest.yaml' $ref: "../schemas/CreatePersonalAccessTokenRequest.yaml"
responses: responses:
'200': "200":
description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. description:
Created. Note - this is the only time Personal Access Tokens' secret
attribute will be displayed.
content: content:
application/json: application/json:
schema: schema:
$ref: '../schemas/CreatePersonalAccessTokenResponse.yaml' $ref: "../schemas/CreatePersonalAccessTokenResponse.yaml"
'400': "400":
$ref: '../responses/400.yaml' $ref: "../responses/400.yaml"
'401': "401":
$ref: '../responses/401.yaml' $ref: "../responses/401.yaml"
'403': "403":
$ref: '../responses/403.yaml' $ref: "../responses/403.yaml"
'429': "429":
$ref: '../responses/429.yaml' $ref: "../responses/429.yaml"
'500': "500":
$ref: '../responses/500.yaml' $ref: "../responses/500.yaml"

52
static/api-specs/idn/v3/schemas/transforms/AccountAttribute.yaml
View File

@@ -1,8 +1,8 @@
title: accountAttribute title: accountAttribute
type: object type: object
required: required:
- sourceName - sourceName
- attributeName - attributeName
properties: properties:
sourceName: sourceName:
type: string type: string
@@ -10,46 +10,60 @@ properties:
example: Workday example: Workday
attributeName: attributeName:
type: string type: string
description: The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema. description:
The name of the attribute on the account to return. This should match the
name of the account attribute name visible in the user interface, or on
the source schema.
example: DEPARTMENT example: DEPARTMENT
accountSortAttribute: accountSortAttribute:
type: string type: string
description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries description:
The value of this configuration is a string name of the attribute to use
when determining the ordering of returned accounts when there are multiple
entries
example: created example: created
accountSortDescending: accountSortDescending:
type: boolean type: boolean
description: >- description: >-
The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. The value of this configuration is a boolean (true/false). Controls the
If not defined, the transform will default to false (ascending order) order of the sort when there are multiple accounts. If not defined, the
transform will default to false (ascending order)
example: false example: false
accountReturnFirstLink: accountReturnFirstLink:
type: boolean type: boolean
description: >- description: >-
The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. The value of this configuration is a boolean (true/false). Controls which
If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. account to source a value from for an attribute. If this flag is set to
If not defined, the transform will default to false true, the transform returns the value from the first account in the list,
even if it is null. If it is set to false, the transform returns the first
non-null value. If not defined, the transform will default to false
example: false example: false
accountFilter: accountFilter:
type: string type: string
description: >- description: >-
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. This expression queries the database to narrow search results. The value
The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. of this configuration is a sailpoint.object.Filter expression and used
when searching against the database. The default filter will always
include the source and identity, and any subsequent expressions will be
combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available:
Only certain searchable attributes are available: </br> - `nativeIdentity` - the Account ID
- `nativeIdentity` - the Account ID </br> - `displayName` - the Account Name
- `displayName` - the Account Name </br>
- `entitlements` - a boolean value to determine if the account has entitlements - `entitlements` - a boolean value to determine if the account has entitlements
example: "!(nativeIdentity.startsWith(\"*DELETED*\"))" example: "!(nativeIdentity.startsWith(\"*DELETED*\"))"
accountPropertyFilter: accountPropertyFilter:
type: string type: string
description: >- description: >-
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. This expression is used to search and filter accounts in memory. The value
of this configuration is a sailpoint.object.Filter expression and used
when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory. All account attributes are available for filtering as this operation is
performed in memory.
example: "(groups.containsAll({'Admin'}) || location == 'Austin')" example: "(groups.containsAll({'Admin'}) || location == 'Austin')"
requiresPeriodicRefresh: requiresPeriodicRefresh:
$ref: './RequiresPeriodicRefresh.yaml' $ref: "./RequiresPeriodicRefresh.yaml"
input: input:
$ref: './input.yaml' $ref: "./input.yaml"