developer.sailpoint.com/docs/sailpoint-api-beta/create-access-profile.api.mdx
2022-08-16 21:39:45 -04:00


---
id: create-access-profile
sidebar_label: Create an Access Profile
hide_title: true
hide_table_of_contents: true
api: {"operationId":"createAccessProfile","tags":["Access Profiles"],"description":"This API creates an Access Profile.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Access Profile","example":"2c91808a7190d06e01719938fcd20792","readOnly":true},"name":{"type":"string","description":"Name of the Access Profile","example":"Employee-database-read-write"},"description":{"type":"string","description":"Information about the Access Profile","example":"Collection of entitlements to read/write the employee database"},"created":{"type":"string","description":"Date the Access Profile was created","format":"date-time","example":"2021-03-01T22:32:58.104Z","readOnly":true},"modified":{"type":"string","description":"Date the Access Profile was last modified.","format":"date-time","example":"2021-03-02T20:22:28.104Z","readOnly":true},"enabled":{"type":"boolean","description":"Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.","example":true},"owner":{"description":"Owner of the Access Profile","type":"object","properties":{"type":{"description":"Owner type. 
This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.","example":"IDENTITY","type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"]},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","description":"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.","example":"support"}}},"source":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Source with with which the Access Profile is associated","example":"2c91809773dee3610173fdb0b6061ef4"},"type":{"type":"string","enum":["SOURCE"],"description":"The type of the Source, will always be SOURCE","example":"SOURCE"},"name":{"type":"string","description":"The display name of the associated Source","example":"ODS-AD-SOURCE"}}},"entitlements":{"type":"array","description":"A list of entitlements associated with the Access Profile. 
If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.","items":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Entitlement","example":"2c91809773dee32014e13e122092014e"},"type":{"type":"string","enum":["ENTITLEMENT"],"description":"The type of the Entitlement, will always be ENTITLEMENT","example":"ENTITLEMENT"},"name":{"type":"string","description":"The display name of the Entitlement","example":"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"}}}},"requestable":{"type":"boolean","description":"Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.","example":true},"accessRequestConfig":{"description":"Access request configuration for this object","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":true},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":true},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. 
Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"revocationRequestConfig":{"description":"Revocation request configuration for this object.","type":"object","properties":{"approvalSchemes":{"type":"array","description":"List describing the steps in approving the revocation request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"segments":{"type":"array","items":{"type":"string"},"description":"List of IDs of segments, if any, to which this Access Profile is assigned.","example":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]},"provisioningCriteria":{"description":"When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access 
Profile.","nullable":true,"example":{"operation":"OR","children":[{"operation":"AND","children":[{"attribute":"dn","operation":"CONTAINS","value":"useast"},{"attribute":"manager","operation":"CONTAINS","value":"Scott.Clark"}]},{"operation":"AND","children":[{"attribute":"dn","operation":"EQUALS","value":"Gibson"},{"attribute":"telephoneNumber","operation":"CONTAINS","value":"512"}]}]},"type":"object","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines matching criteria for an Account to be provisioned with a specific Access Profile","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. 
Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines matching criteria for an Account to be provisioned with a specific Access Profile","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.","example":null}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. 
A maximum of three levels of criteria are supported, including leaf nodes.","example":null}}}},"required":["owner","name","source"]}}}},"responses":{"201":{"description":"Access Profile created","content":{"application/json":{"schema":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Access Profile","example":"2c91808a7190d06e01719938fcd20792","readOnly":true},"name":{"type":"string","description":"Name of the Access Profile","example":"Employee-database-read-write"},"description":{"type":"string","description":"Information about the Access Profile","example":"Collection of entitlements to read/write the employee database"},"created":{"type":"string","description":"Date the Access Profile was created","format":"date-time","example":"2021-03-01T22:32:58.104Z","readOnly":true},"modified":{"type":"string","description":"Date the Access Profile was last modified.","format":"date-time","example":"2021-03-02T20:22:28.104Z","readOnly":true},"enabled":{"type":"boolean","description":"Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement.","example":true},"owner":{"description":"Owner of the Access Profile","type":"object","properties":{"type":{"description":"Owner type. 
This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.","example":"IDENTITY","type":"string","enum":["ACCOUNT_CORRELATION_CONFIG","ACCESS_PROFILE","ACCESS_REQUEST_APPROVAL","ACCOUNT","APPLICATION","CAMPAIGN","CAMPAIGN_FILTER","CERTIFICATION","CLUSTER","CONNECTOR_SCHEMA","ENTITLEMENT","GOVERNANCE_GROUP","IDENTITY","IDENTITY_PROFILE","IDENTITY_REQUEST","LIFECYCLE_STATE","PASSWORD_POLICY","ROLE","RULE","SOD_POLICY","SOURCE","TAG_CATEGORY","TASK_RESULT","REPORT_RESULT","SOD_VIOLATION","ACCOUNT_ACTIVITY"]},"id":{"type":"string","description":"Identity id","example":"2c9180a46faadee4016fb4e018c20639"},"name":{"type":"string","description":"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.","example":"support"}}},"source":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Source with with which the Access Profile is associated","example":"2c91809773dee3610173fdb0b6061ef4"},"type":{"type":"string","enum":["SOURCE"],"description":"The type of the Source, will always be SOURCE","example":"SOURCE"},"name":{"type":"string","description":"The display name of the associated Source","example":"ODS-AD-SOURCE"}}},"entitlements":{"type":"array","description":"A list of entitlements associated with the Access Profile. 
If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement.","items":{"type":"object","properties":{"id":{"type":"string","description":"The ID of the Entitlement","example":"2c91809773dee32014e13e122092014e"},"type":{"type":"string","enum":["ENTITLEMENT"],"description":"The type of the Entitlement, will always be ENTITLEMENT","example":"ENTITLEMENT"},"name":{"type":"string","description":"The display name of the Entitlement","example":"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"}}}},"requestable":{"type":"boolean","description":"Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.","example":true},"accessRequestConfig":{"description":"Access request configuration for this object","type":"object","properties":{"commentsRequired":{"type":"boolean","description":"Whether the requester of the containing object must provide comments justifying the request","example":true},"denialCommentsRequired":{"type":"boolean","description":"Whether an approver must provide comments when denying the request","example":true},"approvalSchemes":{"type":"array","description":"List describing the steps in approving the request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. 
Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"revocationRequestConfig":{"description":"Revocation request configuration for this object.","type":"object","properties":{"approvalSchemes":{"type":"array","description":"List describing the steps in approving the revocation request","items":{"type":"object","properties":{"approverType":{"type":"string","enum":["OWNER","SOURCE_OWNER","MANAGER","GOVERNANCE_GROUP"],"description":"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field","example":"GOVERNANCE_GROUP"},"approverId":{"type":"string","description":"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP","example":"46c79819-a69f-49a2-becb-12c971ae66c6"}}}}}},"segments":{"type":"array","items":{"type":"string"},"description":"List of IDs of segments, if any, to which this Access Profile is assigned.","example":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]},"provisioningCriteria":{"description":"When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access 
Profile.","nullable":true,"example":{"operation":"OR","children":[{"operation":"AND","children":[{"attribute":"dn","operation":"CONTAINS","value":"useast"},{"attribute":"manager","operation":"CONTAINS","value":"Scott.Clark"}]},{"operation":"AND","children":[{"attribute":"dn","operation":"EQUALS","value":"Gibson"},{"attribute":"telephoneNumber","operation":"CONTAINS","value":"512"}]}]},"type":"object","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines matching criteria for an Account to be provisioned with a specific Access Profile","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. 
Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"},"children":{"type":"array","items":{"type":"object","description":"Defines matching criteria for an Account to be provisioned with a specific Access Profile","properties":{"operation":{"type":"string","enum":["EQUALS","NOT_EQUALS","CONTAINS","HAS","AND","OR"],"description":"Supported operations on ProvisioningCriteria","example":"EQUALS"},"attribute":{"type":"string","description":"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.","example":"email","nullable":true},"value":{"type":"string","description":"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.","example":"carlee.cert1c9f9b6fd@mailinator.com"}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.","example":null}}},"nullable":true,"description":"Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. 
A maximum of three levels of criteria are supported, including leaf nodes.","example":null}}}},"required":["owner","name","source"]}}}},"400":{"description":"Client Error - Returned if the request body is invalid.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). 
Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}}}}},"401":{"description":"Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"description":"A message describing the error","example":"JWT validation failed: JWT is expired"}}}}}},"403":{"description":"Forbidden - Returned if the user you are running as, doesn't have access to this end-point.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). 
Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"403":{"summary":"An example of a 403 response object","value":{"detailCode":"403 Forbidden","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."}]}}}}}},"429":{"description":"Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. 
The Retry-After header in the response includes how long to wait before trying again.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"description":"A message describing the error","example":" Rate Limit Exceeded "}}}}}},"500":{"description":"Internal Server Error - Returned if there is an unexpected error.","content":{"application/json":{"schema":{"type":"object","properties":{"detailCode":{"type":"string","description":"Fine-grained error code providing more detail of the error.","example":"400.1 Bad Request Content"},"trackingId":{"type":"string","description":"Unique tracking id for the error.","example":"e7eab60924f64aa284175b9fa3309599"},"messages":{"type":"array","description":"Generic localized reason for error","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}},"causes":{"type":"array","description":"Plain-text descriptive reasons to provide additional detail to the text provided in the messages field","items":{"type":"object","properties":{"locale":{"type":"string","description":"The locale for the message text, a BCP 47 language tag.","example":"en-US"},"localeOrigin":{"type":"string","enum":["DEFAULT","REQUEST"],"description":"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. 
*REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.","example":"DEFAULT"},"text":{"type":"string","description":"Actual text of the error message in the indicated locale.","example":"The request was syntactically correct but its content is semantically invalid."}}}}}},"examples":{"500":{"summary":"An example of a 500 response object","value":{"detailCode":"500.0 Internal Fault","trackingId":"b21b1f7ce4da4d639f2c62a57171b427","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"An internal fault occurred."}]}}}}}}},"security":[{"bearerAuth":["idn:access-profile:manage"]}],"method":"post","path":"/access-profiles","servers":[{"url":"https://{tenant}.api.identitynow.com/beta","description":"This is the beta API server.","variables":{"tenant":{"default":"sailpoint","description":"This is the name of your tenant, typically your company's name."}}}],"securitySchemes":{"oauth2":{"type":"oauth2","description":"OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/docs/authentication.html) for more information.\n- Directions for generating a [personal access token](https://developer.sailpoint.com/docs/authentication.html#personal-access-tokens)\n- Directions using [client credentials flow](https://developer.sailpoint.com/docs/authentication.html#client-credentials-grant-flow)\n- Directions for using [authorization code flow](https://developer.sailpoint.com/docs/authentication.html#authorization-code-grant-flow)\n\nWhich authentication method should I choose? 
See our [guide](https://developer.sailpoint.com/docs/authentication.html#which-oauth-2-0-grant-flow-should-i-use)\n\nLearn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/docs/authentication.html#finding-your-tenant-s-oauth-details)\n","flows":{"clientCredentials":{"tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}},"authorizationCode":{"authorizationUrl":"https://tenant.identitynow.com/oauth/authorize","tokenUrl":"https://tenant.api.identitynow.com/oauth/token","scopes":{"sp:scopes:default":"default scope","sp:scopes:all":"access to all scopes"}}}}},"jsonRequestBodyExample":{"id":"2c91808a7190d06e01719938fcd20792","name":"Employee-database-read-write","description":"Collection of entitlements to read/write the employee database","created":"2021-03-01T22:32:58.104Z","modified":"2021-03-02T20:22:28.104Z","enabled":true,"owner":{"type":"IDENTITY","id":"2c9180a46faadee4016fb4e018c20639","name":"support"},"source":{"id":"2c91809773dee3610173fdb0b6061ef4","type":"SOURCE","name":"ODS-AD-SOURCE"},"entitlements":[{"id":"2c91809773dee32014e13e122092014e","type":"ENTITLEMENT","name":"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"}],"requestable":true,"accessRequestConfig":{"commentsRequired":true,"denialCommentsRequired":true,"approvalSchemes":[{"approverType":"GOVERNANCE_GROUP","approverId":"46c79819-a69f-49a2-becb-12c971ae66c6"}]},"revocationRequestConfig":{"approvalSchemes":[{"approverType":"GOVERNANCE_GROUP","approverId":"46c79819-a69f-49a2-becb-12c971ae66c6"}]},"segments":["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"],"provisioningCriteria":{"operation":"OR","children":[{"operation":"AND","children":[{"attribute":"dn","operation":"CONTAINS","value":"useast"},{"attribute":"manager","operation":"CONTAINS","value":"Scott.Clark"}]},{"operation":"AND","children":[{"attribu
te":"dn","operation":"EQUALS","value":"Gibson"},{"attribute":"telephoneNumber","operation":"CONTAINS","value":"512"}]}]}},"info":{"contact":{"email":"developers@sailpoint.com","name":"Developer Relations","url":"https://developer.sailpoint.com/discuss"},"description":"These are the public, beta APIs for SailPoint's SaaS services and are subject to change.","title":"SailPoint - Beta SaaS API","version":"3.1.0-beta"},"postman":{"name":"Create an Access Profile","description":{"content":"This API creates an Access Profile.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.","type":"text/plain"},"url":{"path":["access-profiles"],"host":["{{baseUrl}}"],"query":[],"variable":[]},"header":[{"key":"Content-Type","value":"application/json"},{"key":"Accept","value":"application/json"}],"method":"POST","body":{"mode":"raw","raw":"\"\"","options":{"raw":{"language":"json"}}}}}
sidebar_class_name: "post api-method"
info_path: docs/sailpoint-api-beta/sail-point-beta-saa-s-api
---
import ApiTabs from "@theme/ApiTabs";
import MimeTabs from "@theme/MimeTabs";
import ParamsItem from "@theme/ParamsItem";
import ResponseSamples from "@theme/ResponseSamples";
import SchemaItem from "@theme/SchemaItem"
import SchemaTabs from "@theme/SchemaTabs";
import DiscriminatorTabs from "@theme/DiscriminatorTabs";
import TabItem from "@theme/TabItem";
## Create an Access Profile
This API creates an Access Profile.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token that has only ROLE_SUBADMIN or SOURCE_SUBADMIN authority can call this API only if it is associated with the Access Profile's Source.
<MimeTabs><TabItem label={"application/json"} value={"application/json-schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Request Body</strong><strong style={{"fontSize":"var(--ifm-code-font-size)","color":"var(--openapi-required)"}}> required</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"name"} required={true} schemaDescription={"Name of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} schemaDescription={"Information about the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"enabled"} required={false} schemaDescription={"Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>owner</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Owner of the Access Profile
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. 
If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>source</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The ID of the Source with with which the Access Profile is associated"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"The type of the Source, will always be SOURCE"} schemaName={"string"} qualifierMessage={"**Possible values:** [`SOURCE`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"The display name of the associated Source"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>entitlements</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
A list of entitlements associated with the Access Profile. If enabled is false, this list may be empty; otherwise, it must contain at least one Entitlement.
</div><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The ID of the Entitlement"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"The type of the Entitlement, will always be ENTITLEMENT"} schemaName={"string"} qualifierMessage={"**Possible values:** [`ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"The display name of the Entitlement"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"requestable"} required={false} schemaDescription={"Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Access request configuration for this object
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>revocationRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Revocation request configuration for this object.
</div><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the revocation request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"segments"} required={false} schemaDescription={"List of IDs of segments, if any, to which this Access Profile is assigned."} schemaName={"string[]"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>provisioningCriteria</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></ul></details></TabItem></MimeTabs><div><ApiTabs><TabItem label={"201"} value={"201"}><div>
Access Profile created
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The ID of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Name of the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"description"} required={false} schemaDescription={"Information about the Access Profile"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"created"} required={false} schemaDescription={"Date the Access Profile was created"} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"modified"} required={false} schemaDescription={"Date the Access Profile was last modified."} schemaName={"date-time"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"enabled"} required={false} schemaDescription={"Whether the Access Profile is enabled. 
If the Access Profile is enabled then you must include at least one Entitlement."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>owner</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Owner of the Access Profile
</div><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={"**Possible values:** [`ACCOUNT_CORRELATION_CONFIG`, `ACCESS_PROFILE`, `ACCESS_REQUEST_APPROVAL`, `ACCOUNT`, `APPLICATION`, `CAMPAIGN`, `CAMPAIGN_FILTER`, `CERTIFICATION`, `CLUSTER`, `CONNECTOR_SCHEMA`, `ENTITLEMENT`, `GOVERNANCE_GROUP`, `IDENTITY`, `IDENTITY_PROFILE`, `IDENTITY_REQUEST`, `LIFECYCLE_STATE`, `PASSWORD_POLICY`, `ROLE`, `RULE`, `SOD_POLICY`, `SOURCE`, `TAG_CATEGORY`, `TASK_RESULT`, `REPORT_RESULT`, `SOD_VIOLATION`, `ACCOUNT_ACTIVITY`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"Identity id"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. 
If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>source</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The ID of the Source with with which the Access Profile is associated"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"The type of the Source, will always be SOURCE"} schemaName={"string"} qualifierMessage={"**Possible values:** [`SOURCE`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"The display name of the associated Source"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>entitlements</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
A list of entitlements associated with the Access Profile. If enabled is false, this list may be empty; otherwise, it must contain at least one Entitlement.
</div><SchemaItem collapsible={false} name={"id"} required={false} schemaDescription={"The ID of the Entitlement"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"type"} required={false} schemaDescription={"The type of the Entitlement, will always be ENTITLEMENT"} schemaName={"string"} qualifierMessage={"**Possible values:** [`ENTITLEMENT`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"name"} required={false} schemaDescription={"The display name of the Entitlement"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"requestable"} required={false} schemaDescription={"Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error."} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>accessRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Access request configuration for this object
</div><SchemaItem collapsible={false} name={"commentsRequired"} required={false} schemaDescription={"Whether the requester of the containing object must provide comments justifying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"denialCommentsRequired"} required={false} schemaDescription={"Whether an approver must provide comments when denying the request"} schemaName={"boolean"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>revocationRequestConfig</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Revocation request configuration for this object.
</div><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>approvalSchemes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
List describing the steps in approving the revocation request
</div><SchemaItem collapsible={false} name={"approverType"} required={false} schemaDescription={"Describes the individual or group that is responsible for an approval step. Values are as follows.\n\n**OWNER**: Owner of the associated Access Profile or Role\n\n**SOURCE_OWNER**: Owner of the Source associated with an Access Profile\n\n**MANAGER**: Manager of the Identity making the request\n\n**GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field"} schemaName={"string"} qualifierMessage={"**Possible values:** [`OWNER`, `SOURCE_OWNER`, `MANAGER`, `GOVERNANCE_GROUP`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"approverId"} required={false} schemaDescription={"Id of the specific approver, used only when approverType is GOVERNANCE_GROUP"} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={false} name={"segments"} required={false} schemaDescription={"List of IDs of segments, if any, to which this Access Profile is assigned."} schemaName={"string[]"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>provisioningCriteria</strong><span style={{"opacity":"0.6"}}> object</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>children</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.
</div><SchemaItem collapsible={false} name={"operation"} required={false} schemaDescription={"Supported operations on ProvisioningCriteria"} schemaName={"string"} qualifierMessage={"**Possible values:** [`EQUALS`, `NOT_EQUALS`, `CONTAINS`, `HAS`, `AND`, `OR`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"attribute"} required={false} schemaDescription={"Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"value"} required={false} schemaDescription={"String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></div></details></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"400"} value={"400"}><div>
Client Error - Returned if the request body is invalid.
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"401"} value={"401"}><div>
Unauthorized - Returned if the request has no Authorization header, or if the JWT is expired.
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"error"} required={false} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"403"} value={"403"}><div>
Forbidden - Returned if the user you are running as doesn't have access to this endpoint.
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem><TabItem label={"403"} value={"403"}><ResponseSamples responseExample={"{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"429"} value={"429"}><div>
Too Many Requests - Returned when the client is rate limited for sending too many requests in a given period of time. The Retry-After header in the response indicates how long to wait before trying again.
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"message"} required={false} schemaDescription={"A message describing the error"} schemaName={""} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></ul></details></TabTtem></SchemaTabs></TabItem></MimeTabs></div></TabItem><TabItem label={"500"} value={"500"}><div>
Internal Server Error - Returned if there is an unexpected error.
</div><div><MimeTabs groupId={"mime-type"}><TabItem label={"application/json"} value={"application/json"}><SchemaTabs groupId={"schema-tabs"}><TabTtem label={"Schema"} value={"Schema"}><details style={{}} data-collapsed={false} open={true}><summary style={{"textAlign":"left"}}><strong>Schema</strong></summary><div style={{"textAlign":"left","marginLeft":"1rem"}}></div><ul style={{"marginLeft":"1rem"}}><SchemaItem collapsible={false} name={"detailCode"} required={false} schemaDescription={"Fine-grained error code providing more detail of the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"trackingId"} required={false} schemaDescription={"Unique tracking id for the error."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>messages</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Generic localized reason for error
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem><SchemaItem collapsible={true} className={"schemaItem"}><details style={{}}><summary style={{}}><strong>causes</strong><span style={{"opacity":"0.6"}}> object[]</span></summary><div style={{"marginLeft":"1rem"}}><div style={{"marginTop":".5rem","marginBottom":".5rem"}}>
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
</div><SchemaItem collapsible={false} name={"locale"} required={false} schemaDescription={"The locale for the message text, a BCP 47 language tag."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"localeOrigin"} required={false} schemaDescription={"An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice."} schemaName={"string"} qualifierMessage={"**Possible values:** [`DEFAULT`, `REQUEST`]"} defaultValue={undefined}></SchemaItem><SchemaItem collapsible={false} name={"text"} required={false} schemaDescription={"Actual text of the error message in the indicated locale."} schemaName={"string"} qualifierMessage={undefined} defaultValue={undefined}></SchemaItem></div></details></SchemaItem></ul></details></TabTtem><TabItem label={"500"} value={"500"}><ResponseSamples responseExample={"{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}"}></ResponseSamples></TabItem></SchemaTabs></TabItem></MimeTabs></div></TabItem></ApiTabs></div>